General

  • Target

    57fd2803e3dbbf616fc49d8025091d47_JaffaCakes118

  • Size

    268KB

  • Sample

    240519-cbj7zscd7v

  • MD5

    57fd2803e3dbbf616fc49d8025091d47

  • SHA1

    cd86170b2b48e27864fd609f242025fd93ba8b20

  • SHA256

    e4d224c235d50df0999db39e875147af9a15d44987b765c0361733a41758f69f

  • SHA512

    784682b967f5b2409285a641a3497188932946ad924da861e07f79461d8f982e506440e6a28927f9ee6fc6471ba265dcd5c4430d8fca18dfff74e84d0d3dcffb

  • SSDEEP

    6144:cCwQK3RpVS7G4SVuz1QzLhxztsZGPwtM:eQQLGSVuz1QHhxztCtM

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://conhantaolico.com/34hxFYGbRM

exe.dropper

http://dep123.com/kctF66Z4Ns

exe.dropper

http://debestetelecomdeals.nl/fSERpV1oMK

exe.dropper

http://deleukstesexspeeltjes.nl/mDXN5EUS8

exe.dropper

http://www.tubeian.com/TQjVVcg

Targets

    • Target

      57fd2803e3dbbf616fc49d8025091d47_JaffaCakes118

    • Size

      268KB

    • MD5

      57fd2803e3dbbf616fc49d8025091d47

    • SHA1

      cd86170b2b48e27864fd609f242025fd93ba8b20

    • SHA256

      e4d224c235d50df0999db39e875147af9a15d44987b765c0361733a41758f69f

    • SHA512

      784682b967f5b2409285a641a3497188932946ad924da861e07f79461d8f982e506440e6a28927f9ee6fc6471ba265dcd5c4430d8fca18dfff74e84d0d3dcffb

    • SSDEEP

      6144:cCwQK3RpVS7G4SVuz1QzLhxztsZGPwtM:eQQLGSVuz1QHhxztCtM

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks