General

  • Target

    52e42512e5ee3502948669046e904fd2_JaffaCakes118

  • Size

    80KB

  • Sample

    240518-eblrxsae7x

  • MD5

    52e42512e5ee3502948669046e904fd2

  • SHA1

    5b9e971cbd3b4eb4e541a3da1f4bea51c2c86aa5

  • SHA256

    fed4bfe887b4db55db0fffc5f2d6dd8b8a0204c019ca27fbe496aa73c20b97ca

  • SHA512

    e7c2812d1a22b0159669d408cd8718fe78fef879f71babfa4f760024b84e065570417470095a8476c8b002c4c7e82f77969984fce5ae08e808e7b9a0336f5910

  • SSDEEP

    1536:xptJlmrJpmxlRw99NBL+aLaPkEaaXQiFKLd:vte2dw99fmkBaXQi

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper  http://webmounts.co.ke/rmFksbPG

    exe.dropper  http://pengacaraperceraian.pengacaratopsurabaya.com/s6

    exe.dropper  http://wp1.lukas.fr/9lvv9kkr

    exe.dropper  http://marbdobrasil.com/3X

    exe.dropper  http://repro4.com/website/wp-content/uploads/Hbdsm

Targets

    • Target

      52e42512e5ee3502948669046e904fd2_JaffaCakes118

    • Size

      80KB

    • MD5

      52e42512e5ee3502948669046e904fd2

    • SHA1

      5b9e971cbd3b4eb4e541a3da1f4bea51c2c86aa5

    • SHA256

      fed4bfe887b4db55db0fffc5f2d6dd8b8a0204c019ca27fbe496aa73c20b97ca

    • SHA512

      e7c2812d1a22b0159669d408cd8718fe78fef879f71babfa4f760024b84e065570417470095a8476c8b002c4c7e82f77969984fce5ae08e808e7b9a0336f5910

    • SSDEEP

      1536:xptJlmrJpmxlRw99NBL+aLaPkEaaXQiFKLd:vte2dw99fmkBaXQi

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks