General

  • Target

    50b03ddd9d427dd4bd675a1e9ef3f96b_JaffaCakes118

  • Size

    235KB

  • Sample

    240517-v9fassah3y

  • MD5

    50b03ddd9d427dd4bd675a1e9ef3f96b

  • SHA1

    e9e66e092a735a5b81e317f90a0c54c31572a5de

  • SHA256

    2004c42b12642630ecfbb726add85ef100207f8bbf2f456b7be6d4b18b9b02d4

  • SHA512

    3eb234184d70c1fcce644f8973c0be955b9ef22d247ff6f5bc2b91ba1fbaeaf9626ff26be96c0f2c6e33fd67742df1bb55918a5bdfae570d3b6b5d34d3608866

  • SSDEEP

    3072:pXgQEjb2eWJlrqmHSrdPACn8CZ8myYvrBfiNKDzaJFUKc0UTE7yZRUV7RJeOzi8t:p377rFH9CZzyYDB6EDzYUTE7yZRVUi8t

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://marcelaquilodran.com/XDyss3V

exe.dropper

http://johnnycrap.com/gXXm0QU

exe.dropper

http://erickogm.com/BXkXAa1

exe.dropper

http://rmz-anticor.ru/IpeUQcngY

exe.dropper

http://u11123p7833.web0104.zxcs.nl/j97Hkz3U

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
