General

  • Target

    652fb562e9a2cf3eea8ce882d85a8d1c_JaffaCakes118

  • Size

    117KB

  • Sample

    240521-3g3vdsdf43

  • MD5

    652fb562e9a2cf3eea8ce882d85a8d1c

  • SHA1

    7343a2a6eb7c0faa3d9d38883fc418929872a273

  • SHA256

    01479d5412d3c696d16ffa6b01f6a3378995229ccd14a55c15e4c642401ebd0d

  • SHA512

    66803778d6173454c73eb8827d0cc041847ed90843d2307a38858c5552636bc5eb4e5bb8d91488571810373afe1be735c985ffd118409261d5b5a15d91282a16

  • SSDEEP

    1536:sptJlmrJpmxlRw99NB7+aPoFkrUrjJbg7uy3ALv6Y95DYH8:ste2dw99fArSvALv1mc

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://www.willbcn.com/1Z
    http://atnea.org/YONh
    http://cosmoservicios.cl/lR0HYK
    http://zshongfeng168.com/aOK
    http://odessacard.com/wp-content/uploads/Pq0KLFkL

Targets

    • Target

      652fb562e9a2cf3eea8ce882d85a8d1c_JaffaCakes118

    • Size

      117KB

    • MD5

      652fb562e9a2cf3eea8ce882d85a8d1c

    • SHA1

      7343a2a6eb7c0faa3d9d38883fc418929872a273

    • SHA256

      01479d5412d3c696d16ffa6b01f6a3378995229ccd14a55c15e4c642401ebd0d

    • SHA512

      66803778d6173454c73eb8827d0cc041847ed90843d2307a38858c5552636bc5eb4e5bb8d91488571810373afe1be735c985ffd118409261d5b5a15d91282a16

    • SSDEEP

      1536:sptJlmrJpmxlRw99NB7+aPoFkrUrjJbg7uy3ALv6Y95DYH8:ste2dw99fArSvALv1mc

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks