General

Target: 3445861e718e3414725e2ee1af1b7d40_JaffaCakes118
Size: 68KB
Sample: 240511-m6wvdade5t
MD5: 3445861e718e3414725e2ee1af1b7d40
SHA1: db660619f5abdb23490c2b60288ea93c8df4a3ad
SHA256: 97c417918368f2b12dd4f531d6038f0f9b30c6a902fd17d43f6873f679cf1b11
SHA512: 4d04836bb21d36b6afd02667119d9eb6da3c4a4c84db3a1138894a96a966412933685b38449caddfc459dfe194f6a9f2aea8162f1d2982d91b000ad5b46c942f
SSDEEP: 768:upJcaUitGAlmrJpmxlzC+w99NBE+1o/BbbMmBktlFAO2vxwpp:uptJlmrJpmxlRw99NBE+a/NknF

Behavioral task: behavioral1
Sample: 3445861e718e3414725e2ee1af1b7d40_JaffaCakes118.doc
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 3445861e718e3414725e2ee1af1b7d40_JaffaCakes118.doc
Resource: win10v2004-20240508-en

Malware Config
Extracted
http://mooremakeup.com/k
http://crossroadstamp.com/0
http://ntsuporte.com.br/kl5
http://oooka.biz/RaQOFhRM
http://parusalon.ru/idb
Targets
Target: 3445861e718e3414725e2ee1af1b7d40_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.