General

  • Target

    457794ad06ba52d275439cf6521a2e1b_JaffaCakes118

  • Size

    191KB

  • Sample

    240515-k4j2paae55

  • MD5

    457794ad06ba52d275439cf6521a2e1b

  • SHA1

    3b6f46fa7319227f2fb5a645f7074f68bd8bb818

  • SHA256

    65836f35189720691f30ed8f88638a91183cfbf994e08500b8ec1e1c39d54f00

  • SHA512

    ee0ae32d7028dccf106e4714f171d0977aa6acc765364319139146925c68ed0d49be516fcaebc4a1803acdad765fd915643430ddf37575fc497bb794864f429e

  • SSDEEP

    3072:uvHv22TWTogk079THcpOu5UZpNu81zUz4LKgB:E/TX07hHcJQbuezUELbB

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
