General

  • Target: 61ec2709f3399525cd05431be64ebacf_JaffaCakes118
  • Size: 93KB
  • Sample: 240521-d985fagd23
  • MD5: 61ec2709f3399525cd05431be64ebacf
  • SHA1: 1cabd6a483a701854983b25f5f7d9402ed472d4b
  • SHA256: 4f0b2f0c250ce16a6d6fdaf268121fe646271de188ba0a02deabbf348ef490a0
  • SHA512: b3fc9ee0e81dfbac0e15093628df6465bcf8a15e5d130198be8c3d4403fb6648f781d2f908de8eb7916046aedeb55160986754397cf4474a69d90f5975aa2013
  • SSDEEP: 768:hpJcaUitGAlmrJpmxlzC+w99NB55D+1od2rUPJVogB+/sDy1IDJynMviAgpLApk:hptJlmrJpmxlRw99NBj+aDHWWyndA

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    http://audioauthorities.com/9B0
    http://tandleaccountancy.co.uk/ZDSIM
    http://thecardz.com/NTGpsf
    http://xuatbangiadinh.vn/H
    http://xn--b1axgdf5j.xn--j1amh/a

Targets

    • Target: 61ec2709f3399525cd05431be64ebacf_JaffaCakes118

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15
