General

  • Target

    53303f18cdb2e76286ad2f280408f6f7_JaffaCakes118

  • Size

    52KB

  • Sample

    240518-f2j7fsde9s

  • MD5

    53303f18cdb2e76286ad2f280408f6f7

  • SHA1

    3ff0e3413f54591ba2a49e53ac0e9548c97d0c93

  • SHA256

    9a803fb30cd79014082a358b839848b5f8305e8410fecb7da3b12415f2fca4e7

  • SHA512

    89ce1fbf12ed17f1ca062442182ec2b8e89bcefad2c34e35bb961f9bd1c15c9048c6f9b419de46d11b80fb77730f2fdc05caee15a01f61dd78b062a351aef0a4

  • SSDEEP

    768:80jP1SwHoLKys6Nh6EYByrCo2JkVIINK+rjtyl:84/o06HiBqcsIINK+W

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://sapconinstruments.com/backup-18-april-2014/profiles/default/ImportantInformation.exe

Targets

    • Target

      53303f18cdb2e76286ad2f280408f6f7_JaffaCakes118

    • Size

      52KB

    • MD5

      53303f18cdb2e76286ad2f280408f6f7

    • SHA1

      3ff0e3413f54591ba2a49e53ac0e9548c97d0c93

    • SHA256

      9a803fb30cd79014082a358b839848b5f8305e8410fecb7da3b12415f2fca4e7

    • SHA512

      89ce1fbf12ed17f1ca062442182ec2b8e89bcefad2c34e35bb961f9bd1c15c9048c6f9b419de46d11b80fb77730f2fdc05caee15a01f61dd78b062a351aef0a4

    • SSDEEP

      768:80jP1SwHoLKys6Nh6EYByrCo2JkVIINK+rjtyl:84/o06HiBqcsIINK+W

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks