General
Target: 2b645653216cf143f6b73626e2bbbe31_JaffaCakes118
Size: 63KB
Sample: 240509-xhntzace57
MD5: 2b645653216cf143f6b73626e2bbbe31
SHA1: a55d1c6d61e59ece7e7d0e0594075c56702b9f86
SHA256: d00be1070b0155e66502d33ebdf4c7d1f9d3faac983848a40cf96f8c63d50a78
SHA512: 45c367bb036f1ff158c3e399083e7e8c804acfdad1191f03495976829c1a3aadd8cd8a3a1fff629c69121e34e27398e628b7cf733190d28c23b4fdf3123ffc61
SSDEEP: 768:4pJcaUitGAlmrJpmxlzC+w99NBN+1oWiI1piW1Efo44/+7szlDsB8H:4ptJlmrJpmxlRw99NBN+aW/17mAa
Behavioral task: behavioral1
Sample: 2b645653216cf143f6b73626e2bbbe31_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2b645653216cf143f6b73626e2bbbe31_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
http://frayd.com/KccPtp
http://empiresys.com.sg/Zpa5Q70H
http://eldridgelondon.com/nubOyShJ
http://iclebyte.com/oWT
http://kerasova-photo.ru/Yuv
Targets
Target: 2b645653216cf143f6b73626e2bbbe31_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.