General

  • Target

    631de240ea26fcf9807312ba12e69ede_JaffaCakes118

  • Size

    79KB

  • Sample

    240521-nhbpzabg56

  • MD5

    631de240ea26fcf9807312ba12e69ede

  • SHA1

    01a1f443d4303af08c8847a0169c8c1e6e51beec

  • SHA256

    50c4e66b9f3cbbab3298dc9113b16e485c17feecf296cab4829607942e6b63d2

  • SHA512

    4de5314931d534a3ea015a60fd06d3f1dcb5b7822f5db9e9eef26d40c813ab7a760b78241aa4eb6290e51c03e840f6de7a6d552ca7987f289797be9c6b0fba53

  • SSDEEP

    768:jpJcaUitGAlmrJpmxlzC+w99NBc+1onPkfUzN9Jfmnn0+mEiIOf:jptJlmrJpmxlRw99NBc+an/NrOnnO7r

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://optics-line.com/JA

    exe.dropper: http://ironspot.com/GAsC

    exe.dropper: http://montegrappa.com.pa/VzEQMY

    exe.dropper: http://kristianmarlow.com/6DHJZlP

    exe.dropper: http://carriedavenport.com/priv_stats/8h7XXDJW

Targets

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks