General

  • Target

    54311c77bf34c7cabfb8db1eb9fc8656_JaffaCakes118

  • Size

    81KB

  • Sample

    240518-l2d84aed36

  • MD5

    54311c77bf34c7cabfb8db1eb9fc8656

  • SHA1

    611267ff2275d53bedfae15ff69561d0e1a319a1

  • SHA256

    51a0668ec04b51d7d72a06d9ff811c2ff3d2e03a05f7e126753861e54cb1cf5c

  • SHA512

    4e3a0e39e00e1b8aa58f6d0048e7e3c7dee0a456b26ce24b312964e932b5181622b9ddfdd94c36327ea318cb698331d00ad3386e70774025f71b30cc41728c77

  • SSDEEP

    1536:lptJlmrJpmxlRw99NBD/t+alqtmm+Z/tiwp613rvDaHwwle:bte2dw99fD/LqtmlVp6laT

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://miafashionropadeportiva.com/y
    http://terabuild.sevencolours.eu/4bc2kL
    http://oztax-homepage.tonishdev.com/Lg4
    http://vioprotection.com.co/u
    http://test.helos.no/6GZ24w1

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks