General

  • Target

    543d5e22dc9f8e57ca288e6c0ea281f3_JaffaCakes118

  • Size

    94KB

  • Sample

    240518-ml4z9afb97

  • MD5

    543d5e22dc9f8e57ca288e6c0ea281f3

  • SHA1

    0161cdc4a489a62851f41cd482b0b30c22c59327

  • SHA256

    468a95a13ef88a7f545c6466ababe50d549ba39361c938c2615a84a47ac562c0

  • SHA512

    e8bf2f0006f9c846d0dd512763b58832162013d827ee0b59febf6f85b20e6d81d16acc07585d1dda1a6535afef409ead2ab87384f00e7081da0df15a6a162bc1

  • SSDEEP

    1536:D7xEtjPOtioVjDGUU1qfDlaGGx+cL2QnAt3WOxCMrmbEZxQtf/yxIW7PSeKLQJB8:D7xEtjPOtioVjDGUU1qfDlaGGx+cL2Qh

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://s11.connect-ros.com/login-prompt.ps1

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks