General

  • Target

    54a33cb443e52f570258ee13d0e98fe0_JaffaCakes118

  • Size

    51KB

  • Sample

    240518-paw7daag5z

  • MD5

    54a33cb443e52f570258ee13d0e98fe0

  • SHA1

    7cc205fdd1cb3a438685e17c8713ec39edc73826

  • SHA256

    279b142812de41b93f59029cda286325e30284c9086beb666f5623a047875447

  • SHA512

    61a36984d37058b96029117ad326de1afe1d438177c1998be592631dbf567ba200c97a4281262211bd890cb6b8e5ca28c8a3d4590eb12bd10233d49ad13d238f

  • SSDEEP

    768:zFKKq18l5t9MAu7nWB3LGH0oyHfduIs4KbxvhTHA:z7q1GfBK0oMHs4K5hTg

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper

    http://wfdblinds.com/unpire.exe

Targets

    • Target

      54a33cb443e52f570258ee13d0e98fe0_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15