General

  • Target

    5454d22f2f1b67f7e148e46cd7fc6deb_JaffaCakes118

  • Size

    80KB

  • Sample

    240518-mzazbsfh99

  • MD5

    5454d22f2f1b67f7e148e46cd7fc6deb

  • SHA1

    8d12192fe6fe339bb752091dc8ff61a40e5ed147

  • SHA256

    b2a10088814915742dfc1eb8d0bc57207025a670b9679fc0d9524ea0135d66c7

  • SHA512

    57c7af6f4fdf0606a098fab820764d2038bef779b8453c1328f38edc2b49bccc31604f8acc5d0cb302e2e644bfc2a747dcf0131239db325a9286222b0de3e66c

  • SSDEEP

    1536:KptJlmrJpmxlRw99NBT+aVo9EB70iz4lSfie:Wte2dw99fK9E

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://menricus.eu/jkJN9v1r

exe.dropper

http://drclaudiadiez.com/6u

exe.dropper

http://dolhun.pl/pub/q12K

exe.dropper

http://bdhyman.com/pXH9xty

exe.dropper

http://ahlihosting.com/NktXvPt

Targets

    • Target

      5454d22f2f1b67f7e148e46cd7fc6deb_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
