General

  • Target

    52c84a69e2cd72e084959c2d40de0368_JaffaCakes118

  • Size

    221KB

  • Sample

    240518-dnhelahd5t

  • MD5

    52c84a69e2cd72e084959c2d40de0368

  • SHA1

    7587eacfa4ade77e4edd34f69969c873b9631a75

  • SHA256

    009cb1f25f52bbb9acc3d8d5bbe8c6c13aade01181c554c8fcdfbd0c3b004ef7

  • SHA512

    0ec23a200e4665277349f58617a5b3f33628920d365c04e41efb26c6d295852d9402ed4907b49bb466f37d96f80156959491a6f621a7810123ed5415fea0e9c7

  • SSDEEP

    3072:AdgaE5eDjYzqJrz+9fMK+vEvNEKgsnc7xSqIOTViwkmqEfOEHj:Ad9DjSqF+KK+cvNHJnQxH9Mmtfrj

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated

URLs

  • exe.dropper
    http://amor.official.pw/f3sqVF/

  • exe.dropper
    http://t-p-e.net/M8uZOL/

  • exe.dropper
    http://www.erzotech.eu/esimB50/

  • exe.dropper
    http://csaregiment.pl/2Sms/

Targets

    • Target

      52c84a69e2cd72e084959c2d40de0368_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks