General

  • Target

    5681907763cea067e8a1d9fdb3224bce_JaffaCakes118

  • Size

    64KB

  • Sample

    240518-yl534ada78

  • MD5

    5681907763cea067e8a1d9fdb3224bce

  • SHA1

    8af34f39fa30568f5e0c28a82273ad38db6cc982

  • SHA256

    d791714bf515d2e6f3e709375cfe56171589f4359614487485836a9a23bb3da0

  • SHA512

    ed0d2407c4a753d6d65f08e3c7e4cbb2469d512fcb5be03956f674961d6c813f93722dde012009acd225563320d56ab50789af4a6421899eb4b3ce8469594c31

  • SSDEEP

    1536:WptJlmrJpmxlRw99NBz+aznMJD1R0PGrd:ate2dw99fbMJJRSGrd

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://newspectivenewage.com/wOkHIv
    exe.dropper  http://notehashtom.ir/q7Zj
    exe.dropper  http://campwoodlands.ca/zR
    exe.dropper  http://atmah.org/cK
    exe.dropper  http://anturium-design.ru/Mgd6m2

Targets

    • Target

      5681907763cea067e8a1d9fdb3224bce_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
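The three behaviours listed above are what an endpoint telemetry pipeline should catch for a sample like this one (maldoc spawning an obfuscated cmd.exe, which launches the ps1 downloader, which fetches the payload from one of the dropper URLs). The following is an added example, not part of the sandbox report or its detection engine, of that detection logic run over constructed Sysmon-style process-creation and network-connection records. The event field names, the Office/script-host process lists and the obfuscation heuristics are assumptions for illustration; the host blocklist is built from the exe.dropper URLs in the extracted config above.

```python
"""Detection logic for the signatures in the report above.

Added example, not part of the sandbox report. The events below are
constructed to resemble Sysmon process-creation (EID 1) and
network-connection (EID 3) records; field names, process lists and the
obfuscation heuristics are illustrative assumptions.
"""
import re
from urllib.parse import urlparse

# exe.dropper URLs taken from the extracted malware config on this page
DROPPER_URLS = [
    "http://newspectivenewage.com/wOkHIv",
    "http://notehashtom.ir/q7Zj",
    "http://campwoodlands.ca/zR",
    "http://atmah.org/cK",
    "http://anturium-design.ru/Mgd6m2",
]
DROPPER_HOSTS = {urlparse(u).hostname for u in DROPPER_URLS}

# Assumed policy: Office applications never legitimately spawn these
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumed policy: script hosts blocklisted from initiating network connections
NETWORK_BLOCKLIST = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe"}

SIG_CHILD = "Process spawned unexpected child process"
SIG_OBFUSCATED = "Obfuscated cmd.exe command line"
SIG_NETWORK = "Blocklisted process makes network request"
SIG_DROPPER = "Network request to extracted dropper host"


def basename(path: str) -> str:
    """Case-insensitive file name from a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_unexpected_child(ev: dict) -> bool:
    """Office parent -> shell/script host child (macro or exploit pivot)."""
    return (ev["event"] == "process_create"
            and basename(ev["parent_image"]) in OFFICE_PARENTS
            and basename(ev["image"]) in SCRIPT_CHILDREN)


def is_obfuscated_cmdline(ev: dict) -> bool:
    """Narrow heuristics for cmd.exe command-line obfuscation."""
    if ev["event"] != "process_create" or basename(ev["image"]) != "cmd.exe":
        return False
    cl = ev.get("command_line", "")
    if cl.count("^") >= 3:                                  # caret splitting: ^p^o^w^e^r
        return True
    if re.search(r"%[^%\s]+:~-?\d+(,-?\d+)?%", cl):         # %var:~n,m% substring expansion
        return True
    if re.search(r"(?i)\s-(encodedcommand|enc|en|e)\s+[A-Za-z0-9+/=]{40,}", cl):
        return True                                         # base64 PowerShell passed via cmd
    return False


def is_blocklisted_network(ev: dict) -> bool:
    return ev["event"] == "network_connect" and basename(ev["image"]) in NETWORK_BLOCKLIST


def contacts_dropper_host(ev: dict) -> bool:
    return ev["event"] == "network_connect" and (ev.get("dest_host") or "").lower() in DROPPER_HOSTS


CHECKS = (
    (is_unexpected_child, SIG_CHILD),
    (is_obfuscated_cmdline, SIG_OBFUSCATED),
    (is_blocklisted_network, SIG_NETWORK),
    (contacts_dropper_host, SIG_DROPPER),
)


def analyze(events):
    """Return (pid, signature) findings, in event order."""
    return [(ev["pid"], sig) for ev in events for check, sig in CHECKS if check(ev)]


# Constructed sample telemetry: maldoc -> obfuscated cmd -> powershell -> dropper host.
# B64 is a constructed placeholder: UTF-16LE "IEX (New-Object Net.WebClient)" in base64.
B64 = "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 1204,
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c ^p^o^w^e^r^s^h^e^l^l -w hidden -enc " + B64},
    {"event": "process_create", "pid": 1300,
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell -w hidden -enc " + B64},
    {"event": "network_connect", "pid": 1300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "notehashtom.ir", "dest_port": 80},
    {"event": "process_create", "pid": 2000, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c dir"},
    {"event": "network_connect", "pid": 2100,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "www.example.com", "dest_port": 443},
]

if __name__ == "__main__":
    for pid, sig in analyze(SAMPLE_EVENTS):
        print(f"pid {pid}: {sig}")
```

Run as a script it prints four findings for the two malicious events and nothing for the explorer.exe and chrome.exe baseline events. The obfuscation heuristics are deliberately narrow (caret runs, %var:~n,m% substring expansion, long -enc payloads) and should be baselined before deployment, since carets also appear in legitimate batch scripts; the dropper-host match is the highest-confidence signal here because it comes straight from the extracted config.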

MITRE ATT&CK Enterprise v15

Tasks