General

  • Target

    569a929463dc75c80783d9cb93bca78c_JaffaCakes118

  • Size

    259KB

  • Sample

    240518-y4zzssdf6x

  • MD5

    569a929463dc75c80783d9cb93bca78c

  • SHA1

    bb8acd3c4f240e3e751fc02b81446fd4b65ba068

  • SHA256

    8c2ca0ed9fe9a6a4232f12a27907594486e7bb5f9c6a649f7ff715bb19830ace

  • SHA512

    1d89e8554e9848c129dd6e0195b8b222f897cd269cd00c81913feba654f0be3dcc0fb17e66d172ca7703eacf467c72a53ae7c09e78c14ae00d456bf5a565ca1e

  • SSDEEP

    6144:XHsclEYbxSsQOo3cu/FA5Z/bW01tSy9we:XN+YbxCR3cMFALqh

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://217.182.231.43/lodpos.php

    exe.dropper: http://d792jssk19usnskdxnsw.com/MXE/lodpos.php?l=yows2.xt2

Targets

    • Target

      569a929463dc75c80783d9cb93bca78c_JaffaCakes118

    • Size

      259KB

    • MD5

      569a929463dc75c80783d9cb93bca78c

    • SHA1

      bb8acd3c4f240e3e751fc02b81446fd4b65ba068

    • SHA256

      8c2ca0ed9fe9a6a4232f12a27907594486e7bb5f9c6a649f7ff715bb19830ace

    • SHA512

      1d89e8554e9848c129dd6e0195b8b222f897cd269cd00c81913feba654f0be3dcc0fb17e66d172ca7703eacf467c72a53ae7c09e78c14ae00d456bf5a565ca1e

    • SSDEEP

      6144:XHsclEYbxSsQOo3cu/FA5Z/bW01tSy9we:XN+YbxCR3cMFALqh

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks