General

  • Target

    5735af61a58ee58b71228e821f644c59_JaffaCakes118

  • Size

    88KB

  • Sample

    240518-2n14psbh5x

  • MD5

    5735af61a58ee58b71228e821f644c59

  • SHA1

    d04cfcfb9584b277b3f4ebdc22e49c57e9abfa7e

  • SHA256

    f2aadcb464d0f630def510118d25127a9b8626b7b910a7ea6fc64aae6eaad51e

  • SHA512

    15a3c7c0da06c7be1b07ddfaa35de9ca1b90a35dfbf19ea16b9f61bb1faba72887c71352bb6c356e2ace5999d13093c84ae612391e5235aa424f8c1007ec4899

  • SSDEEP

    1536:9FF9vhO1GO/WWWTREhB96rYwyVkDn3IP/Ytj/2p:TifWWu2P69cO/

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • URLs

    exe.dropper: http://yaticaterm.com/TYJ/wwnox.php?l=juxe7.xap

Targets

    • Target

      5735af61a58ee58b71228e821f644c59_JaffaCakes118

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • An obfuscated cmd.exe command-line is typically used to evade detection.
