General

  • Target

    54efa3a21c4500a6f2bd0039615e2875_JaffaCakes118

  • Size

    93KB

  • Sample

    240518-qpxbcsde61

  • MD5

    54efa3a21c4500a6f2bd0039615e2875

  • SHA1

    93fea75d5c2073ae56df6cd128240a9762f57200

  • SHA256

    0dbd38d7502e2fc3e11651495fe95b40e6f6590e93784831950fa24477728c68

  • SHA512

    d66d0ad0f62a33b810a964ebbd81ebf8a571f1e1427d2cff366abe51128d965a4fafcbca1127569d08a32647bf14fceb09a16409836cb61dc34c6ae51f63312a

  • SSDEEP

    1536:kptJlmrJpmxlRw99NB4w+dB9uoiUCnX64JrTEGmu74:Ute2dw99fjzNEXj

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://29uwuwousuw8wuwyuwie.com/MXE/lodpos.php?l=yows1.xt2

Targets

    • Target

      54efa3a21c4500a6f2bd0039615e2875_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • An obfuscated cmd.exe command-line is typically used to evade detection.
