General

  • Target: 5076c1f719f8579daeef8a9c6c20a391JaffaCakes118.bin
  • Size: 114KB
  • Sample: 240517-3dmc8sge5v
  • MD5: 5076c1f719f8579daeef8a9c6c20a391
  • SHA1: a494ca82011e12a9fa8b6cf5f6e63cbc9729483b
  • SHA256: 2e650a98d1ec0c382a023e11ccb06d0b82624ab1549c5cf38d0e786e454f1d9b
  • SHA512: 895df25fe9faee365273f8c535104f6ede7f64fd49c923d400c4e66dcbde54e930ad00b9c9f8d5850ab93fbd8b1b0e2c43cb08f3863431b9ef5c641bf4a02817
  • SSDEEP: 1536:NptJlmrJpmxlRw99NB8+aXvV4UEXU0zqF1voveYhnpC:Tte2dw99fA5IzqFyew

Score: 10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs

Targets

  • Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  • Blocklisted process makes network request
  • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15
