General
Target: 2feff6d404c2e9b5c0163adadd502d10_JaffaCakes118
Size: 131KB
Sample: 240510-tkdv1aea51
MD5: 2feff6d404c2e9b5c0163adadd502d10
SHA1: 968e4c6736aee37877769aeb80c676087054534f
SHA256: 754c5ad69cf061f0a47fada60c8d078751fff34db40d1b8d933956ef21a97305
SHA512: c554b1ec572a0cce16e12f5ea2fc143813477cb664de6d44931486f7db26739591b5c2129e0ab7cc874e6d53a8dcae5ab92e8bcd20e13186bda9913b69ecd305
SSDEEP: 1536:O81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9udl6dAu:O8GhDS0o9zTGOZD6EbzCdsdIiu
Behavioral task: behavioral1
Sample: 2feff6d404c2e9b5c0163adadd502d10_JaffaCakes118.doc
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 2feff6d404c2e9b5c0163adadd502d10_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
http://www.khutt.org/0lz8WgN
http://www.viromedia.net/Hj
http://www.progettopersianas.com.br/KD3q0VRw
http://bunonartcrafts.com/u
http://robwalls.com/lf
Targets
Target: 2feff6d404c2e9b5c0163adadd502d10_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

An obfuscated cmd.exe command-line is typically used to evade detection.