General

  • Target

    63c72682e7545f3bf50a75493946a695_JaffaCakes118

  • Size

    171KB

  • Sample

    240521-stctmaac57

  • MD5

    63c72682e7545f3bf50a75493946a695

  • SHA1

    b19051ce9c6873dc05744e9110ff9438c1f2d86d

  • SHA256

    25b4a5dd7a7aebc1e7d937e28819d8f708943caffad1eeb9e10ea1484def26c1

  • SHA512

    fd968a597994471fe1d23e172a66874fdeadf48a3306e6c31253e0a4a19c2f215efa77caa2c0541008dda27cc5bc9db8bf19c772c5c66656af0eb954949c2cfd

  • SSDEEP

    3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7wcZaBz:Hs9ufsfgIf0pLscZKz

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
