General
Target
364e0280854591448cb320bb8c7efbf2_JaffaCakes118
Size
200KB
Sample
240511-yse59ahf99
MD5
364e0280854591448cb320bb8c7efbf2
SHA1
632f38a4a48d38c3b8a21cc89c9f24ee81773048
SHA256
924d061e9517d286d362d29b437f2c8f6145e83053b16cc364e4d6d7f0d40676
SHA512
b9ecd7c684796b500eaa6441c5d30c7cd335d5cbcc81bf3fa9cc5827cd098e0454d781403db797562e00ea87fc48619f3a95873ef25e8dbf973850d2ac0f483b
SSDEEP
3072:M4PrXcuQuvpzm4bkiaMQgAlSVDxgJU2D9BRnwt7wRac:hDRv1m4bnQgISVNgJU2hst7wr
Behavioral task
behavioral1
Sample
364e0280854591448cb320bb8c7efbf2_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
364e0280854591448cb320bb8c7efbf2_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
Target
364e0280854591448cb320bb8c7efbf2_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory