General

  • Target

    28d038b8af4c15606af45f46288044ab_JaffaCakes118

  • Size

    136KB

  • Sample

    240509-hq759afa7v

  • MD5

    28d038b8af4c15606af45f46288044ab

  • SHA1

    ec2f0e61f236865b5ea16aa610775ff5bebbaec5

  • SHA256

    6273492f7425010ac115b511226334f85378b15d21cf49e27e8ab35503a55adf

  • SHA512

    640afe19a0240b953e500d200464f58819638310bad31dcf3ca80e70c565ff7e9da6636557a09350ead017a7843ba58d7b4ba130b46f46f51eb5983dd6ebedcb

  • SSDEEP

    3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8q0PNt4LQRnfgsbBU:a77HUUUUUUUUUUUUUUUUUUUT52VZSLQa

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://drmarins.com/engl/pCAdOLWLJ/

exe.dropper

http://hybridbusinesssolutions.com.au/cgi-bin/t6ye0j_wyhf4yw-2/

exe.dropper

http://durakbufecengelkoy.com/wp-includes/GrIBQTnoO/

exe.dropper

http://performancevitality.net/partner/rq2totv_bryhdqjc2-17320/

exe.dropper

http://tnrkentonode.com/wp-admin/vxaljneq_f9vcwvsz03-015845519/

Targets

    • Target

      28d038b8af4c15606af45f46288044ab_JaffaCakes118

    • Size

      136KB

    • MD5

      28d038b8af4c15606af45f46288044ab

    • SHA1

      ec2f0e61f236865b5ea16aa610775ff5bebbaec5

    • SHA256

      6273492f7425010ac115b511226334f85378b15d21cf49e27e8ab35503a55adf

    • SHA512

      640afe19a0240b953e500d200464f58819638310bad31dcf3ca80e70c565ff7e9da6636557a09350ead017a7843ba58d7b4ba130b46f46f51eb5983dd6ebedcb

    • SSDEEP

      3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8q0PNt4LQRnfgsbBU:a77HUUUUUUUUUUUUUUUUUUUT52VZSLQa

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks