General

  • Target

    55e940a79968b8bcc7b5c6da5320b3c5_JaffaCakes118

  • Size

    93KB

  • Sample

    240518-vyjtvaef67

  • MD5

    55e940a79968b8bcc7b5c6da5320b3c5

  • SHA1

    a4972f63f57f2d1fe05488d33f4e9e0e40d23504

  • SHA256

    41b7a2fd47b0f97975d0143dc9fab6b80022eebce2d4a4587e5e61d55ea218d6

  • SHA512

    38fc6e688cca79d22be94676e101c745b6e5e5bd45d8613236fc8d3aafa59293091b657a1e41c494543a6b08cb6f324e8e17ce286d35e0425b20f9f11097b4e8

  • SSDEEP

    1536:xptJlmrJpmxlRw99NBL+aL7PkEaaXQiFKLd:vte2dw99ffkBaXQi

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://webmounts.co.ke/rmFksbPG

exe.dropper

http://pengacaraperceraian.pengacaratopsurabaya.com/s6

exe.dropper

http://wp1.lukas.fr/9lvv9kkr

exe.dropper

http://marbdobrasil.com/3X

exe.dropper

http://repro4.com/website/wp-content/uploads/Hbdsm

Targets

    • Target

      55e940a79968b8bcc7b5c6da5320b3c5_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
