General

  • Target

    2e9496f1bd7907cee328c5e784c9bbeb_JaffaCakes118

  • Size

    92KB

  • Sample

    240510-l2gn8abf43

  • MD5

    2e9496f1bd7907cee328c5e784c9bbeb

  • SHA1

    47d5a2eafa82026ce50c1e6f907df12c75cda61e

  • SHA256

    2574968952cc3183441222780dfea92185b40c11f72b9fcacfc0a450d1190dfd

  • SHA512

    f75a1c6986a5bd04644736bbe80dc4e8de228fabe654d062d4964ac832ac51f8f73dbce17661df05b94b825a35029589b9ef26fd544dfa62c4e19e1c506cc241

  • SSDEEP

    1536:FTxjwKZ09cB7y9ghN8+mQ90MT/+aRjHOY6X/cN:FxjnB29gb8onwPUN

Malware Config

Extracted

Language
ps1

Deobfuscated

URLs (exe.dropper)

  • http://kamin-sauna.com.ua/whVeJ8l
  • http://ekuvshinova.com/udfQrgHr
  • http://timlinger.com/rM
  • http://cm2.com.br/oS
  • http://dfinformatica.com.br/site/wp-includes/images/crystal/gT

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15

Tasks