General

  • Target

    555c6c5aa9d6333ebcbc182474829e7e_JaffaCakes118

  • Size

    160KB

  • Sample

    240518-sj3mashd21

  • MD5

    555c6c5aa9d6333ebcbc182474829e7e

  • SHA1

    3ec91f4af2ad52e7e62af9a512271d121b82e9aa

  • SHA256

    2b201210a7ea524a3d65c7d2ee2e7d322479657076a1c30f8ec6994eb97f269b

  • SHA512

    44fa1dd2c475451200f86bf2de2cb424520ab23a50b55c70af70002a3e71da45b9e0eebddc6cf825cd3f6c7a9c2545dc3f1ebb9af11a19efc5729b4fd0ae7fe8

  • SSDEEP

    3072:vxjnB29gb8onHgiSXmh2TNc4aZxmHApw2:vxy6gxXggoZggpw2

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (each tagged exe.dropper)

    http://snowdoll.net/UAT

    http://lavoroproducoes.com.br/4K8ok8g

    http://ecojusticepress.com/lRmU2Jt

    http://cm2.com.br/M

    http://craftww.pl//BidC

Targets

    • Target

      555c6c5aa9d6333ebcbc182474829e7e_JaffaCakes118

    • Size

      160KB

    • MD5

      555c6c5aa9d6333ebcbc182474829e7e

    • SHA1

      3ec91f4af2ad52e7e62af9a512271d121b82e9aa

    • SHA256

      2b201210a7ea524a3d65c7d2ee2e7d322479657076a1c30f8ec6994eb97f269b

    • SHA512

      44fa1dd2c475451200f86bf2de2cb424520ab23a50b55c70af70002a3e71da45b9e0eebddc6cf825cd3f6c7a9c2545dc3f1ebb9af11a19efc5729b4fd0ae7fe8

    • SSDEEP

      3072:vxjnB29gb8onHgiSXmh2TNc4aZxmHApw2:vxy6gxXggoZggpw2

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
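
The report pairs an extracted list of exe.dropper URLs with two behaviour signatures: a process spawning an unexpected child (PowerShell) and a blocklisted process making a network request. The following Python is an added example, not part of the sandbox report or its detection engine, that turns those two findings into detection logic run over constructed process-creation and network events. The dropper URLs are the ones extracted above; everything else is an assumption: the event schema, the set of "Office parent" images (the report does not name the parent, so the example assumes a macro-bearing Office document as the common case), the interpreter list, and the sample events themselves.

```python
"""Added example: match host telemetry against the report's dropper IOCs and the
'unexpected child process' / 'blocklisted process makes network request' signatures.
Not the sandbox's own code; event format and parent/child lists are assumptions."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# URLs exactly as extracted in the report's Malware Config (exe.dropper).
# Droppers of this kind try each URL in turn until a download succeeds,
# so every entry is an indicator, not only the first one contacted.
DROPPER_URLS = [
    "http://snowdoll.net/UAT",
    "http://lavoroproducoes.com.br/4K8ok8g",
    "http://ecojusticepress.com/lRmU2Jt",
    "http://cm2.com.br/M",
    "http://craftww.pl//BidC",
]

# Hostnames derived from the URLs; DNS and proxy logs usually carry only the host.
DROPPER_HOSTS = {urlsplit(u).hostname.lower() for u in DROPPER_URLS}

# Assumed lists: parents that should not normally start a script interpreter,
# and the interpreters we care about. Extend both to fit the environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


@dataclass
class Event:
    """Minimal assumed telemetry record (a subset of what Sysmon ID 1/3/22 carry)."""
    kind: str               # "process" (creation) or "network" (connection/DNS)
    image: str              # image path of the acting process
    parent_image: str = ""  # process events only
    command_line: str = ""  # process events only; not used by the checks below
    dest_host: str = ""     # network events: contacted hostname, if known
    dest_url: str = ""      # network events: full URL, if a proxy/web log has it


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_process(ev: Event):
    """Unexpected child process: an Office parent starting a script interpreter."""
    if ev.kind != "process":
        return None
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent in OFFICE_PARENTS and child in INTERPRETERS:
        return f"unexpected child: {parent} -> {child}"
    return None


def check_network(ev: Event):
    """Network request to one of the extracted dropper URLs or their hosts."""
    if ev.kind != "network":
        return None
    if ev.dest_url in DROPPER_URLS:
        return f"dropper URL contacted: {ev.dest_url}"
    host = (ev.dest_host or urlsplit(ev.dest_url).hostname or "").lower()
    if host in DROPPER_HOSTS:
        return f"dropper host contacted by {basename(ev.image)}: {host}"
    return None


def scan(events):
    """Run every check over every event; return the list of findings in order."""
    findings = []
    for ev in events:
        for check in (check_process, check_network):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample events (not taken from the report's task log).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    Event("process", WORD, parent_image=r"C:\Windows\explorer.exe",
          command_line="WINWORD.EXE /n invoice.doc"),
    Event("process", PS, parent_image=WORD,
          command_line="powershell -nop -w hidden -e <encoded script>"),
    Event("network", PS, dest_host="snowdoll.net"),
    Event("network", PS, dest_url="http://lavoroproducoes.com.br/4K8ok8g"),
    Event("network", r"C:\Program Files\Mozilla Firefox\firefox.exe",
          dest_host="example.com"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Matching on the full URL as well as the bare host matters here: the hosts in this list are ordinary compromised sites, so a hit on the exact path (for example `/4K8ok8g`) is a far stronger signal than a visit to the domain, and the double slash in `http://craftww.pl//BidC` is kept verbatim rather than normalised so that a proxy log recorded the same way still matches.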

MITRE ATT&CK Enterprise v15

Tasks