General

  • Target

    539f6d1297a28d706c7be2cf90a1805f_JaffaCakes118

  • Size

    268KB

  • Sample

    240518-je7k1shh7t

  • MD5

    539f6d1297a28d706c7be2cf90a1805f

  • SHA1

    ebc86749fcfb48eb7d271c6123415104da1ff6a1

  • SHA256

    d90ae3ef98e3b7182cc449dc481242a4a15bd07f536ffcc93b59cec15a3179af

  • SHA512

    7dc35587cd276552cd66f2ac22682d5fc9044c3107d77c76cab98889bf4edd1f30575741785e4cff8a51c0867c5face2c4763d4331299a9ae631e7da9f43e977

  • SSDEEP

    6144:cCwQK3RpVS7G4SVuz1QzLhxztsZGPwtM:eQQLGSVuz1QHhxztCtM

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://conhantaolico.com/34hxFYGbRM

exe.dropper

http://dep123.com/kctF66Z4Ns

exe.dropper

http://debestetelecomdeals.nl/fSERpV1oMK

exe.dropper

http://deleukstesexspeeltjes.nl/mDXN5EUS8

exe.dropper

http://www.tubeian.com/TQjVVcg

Targets

    • Target

      539f6d1297a28d706c7be2cf90a1805f_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
