General

  • Target

    63d9ae5032008d07faf3afbf264419aa_JaffaCakes118

  • Size

    133KB

  • Sample

    240521-s948taah63

  • MD5

    63d9ae5032008d07faf3afbf264419aa

  • SHA1

    6ecd2296dc1c48770b11bee7871b76dbb204fb5d

  • SHA256

    be8f9be99687c83232fee84e644c4c9a7d781b9762dc494af53f2572eceeadf2

  • SHA512

    9d60168da964835ad2cc590ef1518bbfb0f7872b5d3a2ab57d0d38bfa06f7d88c12b87cd0c2f59fd3b344bab83671ee12f58df959aac0f55f73ba8e35c1d9a18

  • SSDEEP

    1536:tptJlmrJpmxlRw99NBk+aobJ8g06G/sLX28/M4VUcTStEVZppeODa7ssaL:zte2dw99fvrt/MuUcxZpra7la

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://compactdmc.com/pBndq2bo

    http://psakpk.com/VXpBqwFuP7

    http://gorkembaba.xyz/7iOPTHf

    http://vivavidakardec.org/uqhD3JLKiG

    http://profsouz55.ru/6hSSkB3I

Targets

    • Target

      63d9ae5032008d07faf3afbf264419aa_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
