General

  • Target: 57ca9a5c95cd9326743975c8ccbafa98_JaffaCakes118
  • Size: 83KB
  • Sample: 240519-bfnwasaa8w
  • MD5: 57ca9a5c95cd9326743975c8ccbafa98
  • SHA1: 3e29c66cbe81e058d505fbdf323a731af2593a20
  • SHA256: 56560244c10725661279c73f3d48d821041b61a3dfecfa027e0c5ee90013a3e1
  • SHA512: 69860165e89117d7554f75b57cac136ce8c778af34112374f42a82a3cd1e91d4f5ad5454d206cd31acbc559b09d2f32827eba7131eac8550137f8cf3828fe4df
  • SSDEEP: 1536:tptJlmrJpmxlRw99NBf+aHEwy134L/Ojsn/orH/Dz:zte2dw99fhy1IL/csQrH/

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs (type: exe.dropper)

  • http://lunamarialovelife.com/BGbuRaCy
  • http://scotthagar.com/wQf4xNY
  • http://vjencanjazagreb.hr/GsRrp
  • http://challengerballtournament.com/tZH0dI
  • http://xn--12cbq4codld5bxbqy5hych1ap4b0a4mugg.tk/jEKcM
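The extracted config gives five exe.dropper URLs, one of them on a punycode (xn--) host. As an added example written for this page, not code from the sandbox or the report, the Python below turns those URLs into matchable IOCs (host, path, defanged form, IDN flag with a best-effort Unicode decoding of the host) and hunts for them in proxy logs, matching on host rather than full URL because dropper paths rotate far more often than the domains. The Squid-style log lines, client addresses and destination IPs are constructed for illustration; the function and field names are this example's own.

```python
"""Added example, not part of the sandbox report: turn the extracted exe.dropper
URLs into IOCs and hunt for them in proxy logs."""
import re
from urllib.parse import urlsplit

# The five exe.dropper URLs exactly as listed in the extracted config.
DROPPER_URLS = [
    "http://lunamarialovelife.com/BGbuRaCy",
    "http://scotthagar.com/wQf4xNY",
    "http://vjencanjazagreb.hr/GsRrp",
    "http://challengerballtournament.com/tZH0dI",
    "http://xn--12cbq4codld5bxbqy5hych1ap4b0a4mugg.tk/jEKcM",
]


def decode_punycode_host(host):
    """Unicode form of an IDN host, decoding only the xn-- labels with the raw
    punycode codec (no IDNA re-validation). Returns None if a label is malformed."""
    out = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                return None
        out.append(label)
    return ".".join(out)


def to_ioc(url):
    """Normalise one dropper URL into the fields a hunt or blocklist needs."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return {
        "url": url,
        "host": host,
        "path": parts.path,
        "idn": any(label.startswith("xn--") for label in host.split(".")),
        "unicode_host": decode_punycode_host(host),
        # defanged for sharing: hxxp scheme and bracketed dots in the host only
        "defanged": f"{parts.scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{parts.path}",
    }


IOCS = [to_ioc(u) for u in DROPPER_URLS]

# Constructed Squid-style access.log lines for illustration (not real traffic):
# timestamp elapsed client status bytes method url ...
PROXY_LOG = """\
1716100001.201    312 10.20.30.41 TCP_MISS/200 84912 GET http://scotthagar.com/wQf4xNY - HIER_DIRECT/203.0.113.7 application/octet-stream
1716100002.417     58 10.20.30.41 TCP_MISS/200 5321 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1716100003.009    240 10.20.30.55 TCP_MISS/404 412 GET http://cdn.lunamarialovelife.com/other - HIER_DIRECT/198.51.100.9 text/html
1716100004.330    120 10.20.30.60 TCP_DENIED/403 0 CONNECT xn--12cbq4codld5bxbqy5hych1ap4b0a4mugg.tk:443 - HIER_NONE/- -
"""

LOG_RE = re.compile(r"^(\S+)\s+\d+\s+(\S+)\s+\S+\s+\d+\s+(GET|POST|CONNECT)\s+(\S+)", re.M)


def hunt_proxy_log(log_text, iocs):
    """Match on the host (exact or any subdomain), not the full URL."""
    ioc_hosts = [i["host"] for i in iocs]
    hits = []
    for _ts, client, method, target in LOG_RE.findall(log_text):
        if "://" not in target:          # CONNECT lines carry host:port only
            target = "http://" + target
        host = (urlsplit(target).hostname or "").lower()
        for ioc_host in ioc_hosts:
            if host == ioc_host or host.endswith("." + ioc_host):
                hits.append({"client": client, "method": method, "host": host, "ioc": ioc_host})
                break
    return hits


if __name__ == "__main__":
    for ioc in IOCS:
        print(ioc["defanged"], "(IDN host)" if ioc["idn"] else "")
    for hit in hunt_proxy_log(PROXY_LOG, IOCS):
        print(f'{hit["client"]} {hit["method"]} {hit["host"]} -> matches {hit["ioc"]}')
```

The CONNECT line shows why host matching matters: a TLS CONNECT carries no path at all, so a URL-exact rule would miss the blocked attempt to reach the punycode domain entirely.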

Targets

    • Target: 57ca9a5c95cd9326743975c8ccbafa98_JaffaCakes118
    • Size: 83KB
    • MD5: 57ca9a5c95cd9326743975c8ccbafa98
    • SHA1: 3e29c66cbe81e058d505fbdf323a731af2593a20
    • SHA256: 56560244c10725661279c73f3d48d821041b61a3dfecfa027e0c5ee90013a3e1
    • SHA512: 69860165e89117d7554f75b57cac136ce8c778af34112374f42a82a3cd1e91d4f5ad5454d206cd31acbc559b09d2f32827eba7131eac8550137f8cf3828fe4df
    • SSDEEP: 1536:tptJlmrJpmxlRw99NBf+aHEwy134L/Ojsn/orH/Dz:zte2dw99fhy1IL/csQrH/

    Score
    10/10
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • An obfuscated cmd.exe command-line is typically used to evade detection.
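The three signatures above describe one chain: a parent process (typically an Office application running a macro) spawning a script host it has no business spawning, a cmd.exe command line obfuscated to evade string matching, and a network request from a process on a blocklist. As an added example written for this page, not code from the sandbox or its signature set, the Python below implements each check over constructed Sysmon-style process-creation and network-connection events and reports the process lineage for every hit. The event schema, the Office and script-host sets, the blocklist, the obfuscation heuristics and their threshold, the sample events and the encoded-command blob are all assumptions of this example, not details taken from the sample.

```python
"""Added example, not code from the sandbox or its signature set: the three
signatures above as checks over constructed Sysmon-style events."""
import re

# Assumed process sets; a production rule would take these from policy.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
BLOCKLISTED_NET = SCRIPT_HOSTS | {"regsvr32.exe", "rundll32.exe", "certutil.exe"}

# Placeholder -EncodedCommand payload (valid base64 alphabet, not the sample's).
B64_BLOB = "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA" * 3

# Constructed events in the shape of Sysmon ID 1 (process create) and ID 3 (network).
EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.doc"'},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -e " + B64_BLOB},
    {"type": "process_create", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden -e " + B64_BLOB},
    {"type": "network_connect", "pid": 300, "dst": "203.0.113.7", "dport": 80},
    {"type": "process_create", "pid": 500, "ppid": 1,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd /c dir"},
    {"type": "network_connect", "pid": 600, "dst": "93.184.216.34", "dport": 443},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def cmdline_obfuscation_score(cmd):
    """Heuristic score for cmd.exe / powershell.exe obfuscation tricks."""
    score = 0
    if len(re.findall(r"\w\^(?=\w)", cmd)) >= 3:            # p^o^w^e^r^s^h^e^l^l
        score += 2
    if len(re.findall(r'\w"(?=\w)', cmd)) >= 3:             # p"o"w"e"r"shell
        score += 2
    if re.search(r"%\w+:~-?\d+,-?\d+%", cmd):               # %COMSPEC:~0,3% substring expansion
        score += 2
    if re.search(r"\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{100,}", cmd, re.I):
        score += 1                                          # long encoded command blob
    return score


def build_procs(events):
    return {e["pid"]: e for e in events if e["type"] == "process_create"}


def lineage(pid, procs):
    """Image basenames from pid up to the first ancestor not in the event set."""
    chain = []
    while pid in procs:
        chain.append(basename(procs[pid]["image"]))
        pid = procs[pid]["ppid"]
    return chain


def detect(events):
    """Replay events in order, keeping a pid table so network events can be
    attributed to the process (and lineage) that made them."""
    procs = {}
    hits = []
    for ev in events:
        if ev["type"] == "process_create":
            procs[ev["pid"]] = ev
            image = basename(ev["image"])
            parent = procs.get(ev["ppid"])
            if parent and basename(parent["image"]) in OFFICE_APPS and image in SCRIPT_HOSTS:
                hits.append({"rule": "unexpected_child", "pid": ev["pid"],
                             "lineage": lineage(ev["pid"], procs)})
            if image in {"cmd.exe", "powershell.exe"} and cmdline_obfuscation_score(ev["cmdline"]) >= 2:
                hits.append({"rule": "obfuscated_cmdline", "pid": ev["pid"],
                             "lineage": lineage(ev["pid"], procs)})
        elif ev["type"] == "network_connect":
            proc = procs.get(ev["pid"])
            if proc and basename(proc["image"]) in BLOCKLISTED_NET:
                hits.append({"rule": "blocklisted_network", "pid": ev["pid"],
                             "lineage": lineage(ev["pid"], procs),
                             "dst": f'{ev["dst"]}:{ev["dport"]}'})
    return hits


if __name__ == "__main__":
    for hit in detect(EVENTS):
        print(hit["rule"], hit["pid"], " <- ".join(hit["lineage"]), hit.get("dst", ""))
```

The encoded-command check alone scores only 1, below the threshold, because `-EncodedCommand` is common in legitimate automation; it raises the score only in combination with caret, quote or substring tricks that have no benign reason to appear in a command line.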

MITRE ATT&CK Enterprise v15

Tasks