General

  • Target

    55e8ba1c7c89854e3727e5e04ea9558e_JaffaCakes118

  • Size

    77KB

  • Sample

    240518-vx6l8aef44

  • MD5

    55e8ba1c7c89854e3727e5e04ea9558e

  • SHA1

    0282dc8b0891d9dc14fb17ec9c1e420273fc910d

  • SHA256

    e8e03a1d179cec3fd9bf6dc4b3b9cef35ef6d68cf0ea936702f8764b9c19a1c0

  • SHA512

    e64586529f5c198dffe9d1b9763248a9c0531e142473a75183496a88b9e93fbbd730b045ceaf211caba560d6fcb097a597c14965d86232cacbbd28d08d401686

  • SSDEEP

    768:kDp4HVGeVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBI+1oUj48YCkjt1zLd+n:xYeocn1kp59gxBK85fBI+aUj4883cn

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
