General

  • Target

    5696b296526af45989574312fab39c57_JaffaCakes118

  • Size

    122KB

  • Sample

    240518-y16ceaea25

  • MD5

    5696b296526af45989574312fab39c57

  • SHA1

    7409b5de9965c9212c81971c9efe9b7f10b372a3

  • SHA256

    64e7cbe02d929f4078a319c23f7fed9cba9e1e426e1e199a0466581ed4409506

  • SHA512

    e8d09d78cebd9e04d77af1ac5d540c682e6b65befc0daf6a9d64fb41482051623e2995603f906a9040f5511ac660d8b4dfcb449931bd5a5ab23b495508dc8f33

  • SSDEEP

    1536:DptJlmrJpmxlRw99NB0+auiN7TLdGfnILdcbAd8Lqg44m79hrqjcbZPL:tte2dw99fg7dWAt8Lfun9L

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://thecontemporaries.org/hCzK98uk

exe.dropper

http://www.undrho.edu.gr/D7BoaG

exe.dropper

http://philomenabar.com.br/OJkcv

exe.dropper

http://designerprinte.de/Printe-Blog-2012/wp-content/uploads/xARUG

exe.dropper

http://www.seogreenvillesc.net/4nS

Targets

    • Target

      5696b296526af45989574312fab39c57_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
