General

  • Target

    56c3c050403e1ccda89c6c7062b5a73f_JaffaCakes118

  • Size

    275KB

  • Sample

    240518-zths7sfg65

  • MD5

    56c3c050403e1ccda89c6c7062b5a73f

  • SHA1

    cda448e2871df88c9f38bde507a96b7516d20d91

  • SHA256

    b43b70c046a3840d498f82f83323e3bde1de1c04f044dc7f61f4ebd3a355636d

  • SHA512

    9a4ae3742aa098cf20c3f327316afb4466dbd7db14ada5a3827b0fe73510cb3c9b94e548873338c00197bf4307664a04faab1011cb59e59a533992e25828a37a

  • SSDEEP

    6144:DEgwZAmFs8q22sd0F04fuzQF8Zyj9za4NZPTk:DEpZAwRzd07fuG8Zyjpa4jw

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
