General
-
Target
4f07483787d014435655a32a7a666889_JaffaCakes118
-
Size
193KB
-
Sample
240517-jhttbsfh8s
-
MD5
4f07483787d014435655a32a7a666889
-
SHA1
b85a1046b252d20f6f0f1d2e220bf06491abb66d
-
SHA256
28a20d1749e1a04f9f1a3b039848a6bbea1a51f656aed41cc4dc53d7f5b0244d
-
SHA512
a0e878bd75690df71191c9fc6fb57daec3d32c9eb7a72ad613873ca77e0807ab9eed8cfb0c385e6c17a506b1aad027dab73dd7ef44cc5b98e2b16f77b0c6d967
-
SSDEEP
3072:Pb4PrXcuQuvpzm4bkiaMQgAlSr14nBhGMJNwkN:PUDRv1m4bnQgISrShGMJNwkN
Behavioral task
behavioral1
Sample
4f07483787d014435655a32a7a666889_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4f07483787d014435655a32a7a666889_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
-
-
Target
4f07483787d014435655a32a7a666889_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-