General

  • Target: 6454ed4dd10dee9aac274394218ad78d_JaffaCakes118
  • Size: 149KB
  • Sample: 240521-w8zhqaed22
  • MD5: 6454ed4dd10dee9aac274394218ad78d
  • SHA1: 7fe35481075fb22265bebbef297bb3e4d5e91f3e
  • SHA256: 18921eafa333987b16c94b0894fabba2850ad7e776dab51534dc9066b26665cf
  • SHA512: 58a30aa374945abbe9e98cc99387621f69095ba65b2a1f990d24dc6193eaf3e3883954b42758d6433925928087e278de3ef8ec97468348f8ac920a77da19017c
  • SSDEEP: 3072:fte2dw99fV98C9DB4SEiz5/xXd5D73JCU:VHdw7j9oiz5/1dZ73J

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (exe.dropper):
    • http://sumatibalwan.org/CmlQxHtX
    • http://korza.net/RoLmnXkJT
    • http://www.guolinv.com/Hr0EX2Ejaw
    • http://www.gorcomrep.ru/RhmJkk3IuM
    • http://www.accessoirecamion.com/wp-content/jSzKUuNvo

Targets

    • Target

      6454ed4dd10dee9aac274394218ad78d_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
