General
-
Target
3411b47fcaa82aaafe11a622e67ef3ae_JaffaCakes118
-
Size
168KB
-
Sample
240511-l92pcscc5s
-
MD5
3411b47fcaa82aaafe11a622e67ef3ae
-
SHA1
94b855441b1c6ef2810425b8cb44953ac6c95798
-
SHA256
dbd39f42c733918b961bbc90cb8858dc9818bbfeeecdb7c2cf1d58c2b7b00f3f
-
SHA512
815f345c42e0c3216a3ca01b5e0b67b0c18052ff7502146dd31ef58c63f5b669f0343c924b421096a91e82e2a6e8abd224a0430c0214fcebcf7a381c2cd5899c
-
SSDEEP
3072:SKk9XMOGRZhYPJU68AHshLUicf+0d+m2F4QC1E4G4zuhSOgdK:Gi3RfYxhNniNGIgSSOaK
Malware Config
Extracted
http://thelokhalegian.com/hope.exe
Targets
-
-
Target
3411b47fcaa82aaafe11a622e67ef3ae_JaffaCakes118
-
Size
168KB
-
MD5
3411b47fcaa82aaafe11a622e67ef3ae
-
SHA1
94b855441b1c6ef2810425b8cb44953ac6c95798
-
SHA256
dbd39f42c733918b961bbc90cb8858dc9818bbfeeecdb7c2cf1d58c2b7b00f3f
-
SHA512
815f345c42e0c3216a3ca01b5e0b67b0c18052ff7502146dd31ef58c63f5b669f0343c924b421096a91e82e2a6e8abd224a0430c0214fcebcf7a381c2cd5899c
-
SSDEEP
3072:SKk9XMOGRZhYPJU68AHshLUicf+0d+m2F4QC1E4G4zuhSOgdK:Gi3RfYxhNniNGIgSSOaK
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-