General
Target
4088ad5ff2bd30074c815b6cdcae5110_JaffaCakes118
Size
79KB
Sample
240514-hblcyadg8z
MD5
4088ad5ff2bd30074c815b6cdcae5110
SHA1
cbfe0674a90438f39672f0521b8ebd02a038af94
SHA256
9e13f92437e7b3fc803b02aca61f93835fe9f633c2f7646b99c8d0c0ce95535a
SHA512
0f41a7a34add7b8205085ae9c153860ebee54848cd1e13d1b4142c93b3abb59ad91db8c80c853b77fdda41bb7ccc2c142a6c0199ea578efabca46c01e158efca
SSDEEP
1536:49FVFNrZLXB6tBXAUFW9LkoGwNAd4ANdY8dVyyMK3phgRz4d:gTrLg3DoGf4q28dUhwpSN4d
Behavioral task
behavioral1
Sample
UPS-6GWU3RUKCVR04B.doc
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
UPS-6GWU3RUKCVR04B.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Target
UPS-6GWU3RUKCVR04B.js
Size
161KB
MD5
3a864f7c64c77a701b9aec3dbcb4389f
SHA1
1a1cfdbbded9a84be91aac5064a21c591710049c
SHA256
46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb
SHA512
9d602204fdbb18243c1aa28a293618aa588406a593f949807e30f8b4d20e95b94582687b251b86a10edb9625f7cca89dd8def77cdb86af0acb8300ec08a6d9ac
SSDEEP
3072:w77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qvIlc5hlPOwy7/FswxoLL5R:w77HUUUUUUUUUUUUUUUUUUUT52VJcPlv
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory