General

  • Target: 568bbd57755c1f7069f20e580cb46fc8_JaffaCakes118
  • Size: 83KB
  • Sample: 240518-yt3ypsde38
  • MD5: 568bbd57755c1f7069f20e580cb46fc8
  • SHA1: 3907c8890f5bd79a4fb7ca33325d4dddcc90dbc0
  • SHA256: aedf07cd6d354738b087dfee116cbea4c07bb8b13faa82ad8eff925c553dcc5e
  • SHA512: dffed863dba7f72dcf3ed1f18c8092a3ccce5d38070f59a0c1064d5ece267b3d67deceb3816a02396eec39625d76675dcf90207935fff93e36a2aea42ad0db51
  • SSDEEP: 1536:KptJlmrJpmxlRw99NBT+aVA9EB70iz4lSfie:Wte2dw99fW9E

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (type: exe.dropper):
    - http://menricus.eu/jkJN9v1r
    - http://drclaudiadiez.com/6u
    - http://dolhun.pl/pub/q12K
    - http://bdhyman.com/pXH9xty
    - http://ahlihosting.com/NktXvPt

Targets

    • Target: 568bbd57755c1f7069f20e580cb46fc8_JaffaCakes118 (83KB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)

    Score: 10/10

    Signatures:
    • Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request.
    • Obfuscated cmd.exe command-line: an obfuscated cmd.exe command-line is typically used to evade detection.
