General

  • Target

    6319ead80cd82034068a46661502d43b_JaffaCakes118

  • Size

    165KB

  • Sample

    240521-nds4fsbe98

  • MD5

    6319ead80cd82034068a46661502d43b

  • SHA1

    0bbdbcd04f008a7414fd0aeeee851f637dbc7388

  • SHA256

    4c18105194296546d95c34b35ebfb1447c31d838f8ef957143ed25e40ddb5d83

  • SHA512

    e0454dd31a2e6749d653ee0c20d17113a81e878f96595e30600d7477cffed5fac4215160441ebf7b53739251c7333fcf052e8b2209b3b69fc219a921ede8e1fd

  • SSDEEP

    3072:zte2dw99fDZzdaTTOoaQNff6OW4PBOEM2bvDhXpV6u:BHdw7WTCoaQNJOabv9XpV6u

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://emporioflorianopolis.com.br/multimedia/AH3dB5Y2h

exe.dropper

http://www.xianjiaopi.com/DTWn8HR6e

exe.dropper

http://ufindit.com.au/yO47HFVs

exe.dropper

http://www.lidersahtebalik.com.tr/44v1qfZIhA

exe.dropper

http://wpcouponsite.com/dttLyRtF

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
