General

  • Target

    53e9287d05edfeb64da61f2b559c4ec5_JaffaCakes118

  • Size

    75KB

  • Sample

    240518-kpjsdacd8y

  • MD5

    53e9287d05edfeb64da61f2b559c4ec5

  • SHA1

    9490ef3b1009cc9427c06e64b1be67f0eb71fb36

  • SHA256

    e15ed83d30fb5441503125dbb9dfafd006e57ebfb842f786e6d15ef067059183

  • SHA512

    92e1f3c6ee5f48fbca1bc26ba89aa82d0785908da287b55a610a9e1fbf52d3f30bd96ff3e7ae053f55b01259e99d3d989ab1e8d3a2d9890ddc1da0ea703620a6

  • SSDEEP

    1536:cptJlmrJpmxlRw99NBx3B37+aFg3v3S1rEHZFP9Ssuase1jS:8te2dw99fx3B3Fg3v3SiHPfl

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://5ccmyoung.com/rKEh

exe.dropper

http://theiro.com/Stkv

exe.dropper

http://sv-konstanz.info/n

exe.dropper

http://moschee-wil.ch/kex

exe.dropper

http://mport.org/uLff7

Targets

    • Target

      53e9287d05edfeb64da61f2b559c4ec5_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
