General

  • Target

    56ebe183ee8a2af468425878d7c58fe7_JaffaCakes118

  • Size

    117KB

  • Sample

    240518-1gy54ahe25

  • MD5

    56ebe183ee8a2af468425878d7c58fe7

  • SHA1

    a1bcc7569e56c28bdb2247a08087f6bdd17a37d3

  • SHA256

    670b4cabc19e632907f7817268989bc392f432ac80526ec97345bc9b7a17e563

  • SHA512

    82076175b16975fb9b3923b85e7fd135289f226f7284872a0ede87243b843053775cb0a911dcd4a7622931585b3c4760aafddfa3a14f35a08d41b1f08a7b27ff

  • SSDEEP

    1536:SptJlmrJpmxlRw99NBC+aitrdIJCmF4yPOpixUgp/0aorGDlP3K3IcF4:Ote2dw99fBSJCjKOgr/BGA3qlF

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.perfectdrivers.com/HQ3h1U5

exe.dropper

http://www.haraldweinbrecht.com/t5

exe.dropper

http://www.imankeyvani.ir/9

exe.dropper

http://www.jbe.ro/K8beLbH

exe.dropper

http://www.egepos.com/32K1Vw

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
