2cda89bd9cbc1c71ca3df9a192eaa2b51b8176d66ff537b62f8162ea7e8fa3f6

General

Target

61a93c67dbe831274e14795305afc681_JaffaCakes118
Size

85KB
Sample

240521-b8hjzsec64
MD5

61a93c67dbe831274e14795305afc681
SHA1

4800614e77148822325fdd6a012ff5db8d08cc4f
SHA256

2cda89bd9cbc1c71ca3df9a192eaa2b51b8176d66ff537b62f8162ea7e8fa3f6
SHA512

38673591d9b952780b5353751d24c01e9422afc807bd1b961402984605afe19196421cb7d5d46f38484ce6444a70cfcb5eacb87c32cfd1a6551f0476eab56843
SSDEEP

1536:IptJlmrJpmxlRw99NBZ+a5YuB2DZrVeoBE:Qte2dw99fsuBYZrom

Score

10^/10

macro macro_on_action

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://arkanddove.com/7Ts

exe.dropper

http://bearinmindstrategies.com/JZ2d

exe.dropper

http://bluemoonweather.org/tcp

exe.dropper

http://boczon.pl/Z

exe.dropper

http://antallez.com/Ct

Targets

- Target
  
  61a93c67dbe831274e14795305afc681_JaffaCakes118
- Size
  
  85KB
- MD5
  
  61a93c67dbe831274e14795305afc681
- SHA1
  
  4800614e77148822325fdd6a012ff5db8d08cc4f
- SHA256
  
  2cda89bd9cbc1c71ca3df9a192eaa2b51b8176d66ff537b62f8162ea7e8fa3f6
- SHA512
  
  38673591d9b952780b5353751d24c01e9422afc807bd1b961402984605afe19196421cb7d5d46f38484ce6444a70cfcb5eacb87c32cfd1a6551f0476eab56843
- SSDEEP
  
  1536:IptJlmrJpmxlRw99NBZ+a5YuB2DZrVeoBE:Qte2dw99fsuBYZrom
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2