General

  • Target

    645d21a8e9046506e6f030f860a91510_JaffaCakes118

  • Size

    203KB

  • Sample

    240521-xe2awsef44

  • MD5

    645d21a8e9046506e6f030f860a91510

  • SHA1

    c450ffb550d98776513912bbde01f55dd95d7173

  • SHA256

    0ce9c996ddfbc5a2982a748de79cf7bdfd2f741635c5c9b64ce91ff8af564833

  • SHA512

    ffbce0ab28e47aeb9bbc1918da02e1e7d5115895a1747426c54e99c62d2cd14cf77fea553cfb6f014343cb3636ce61635b4ec9c9dfafb890079d4fd0ef0919f9

  • SSDEEP

    3072:Rte2dw99fVDm6ZlBb6hbXzseu2EJXT6PxbYznmFRw2NWl5eZ5Y9XhsYPQ/rKd6jB:bHdw7FLUJsKEVKYu9LCnY

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://bangkoktailor.biz/oLnXvdhAQR
    exe.dropper  http://shvidenko.ru/c33nwsg
    exe.dropper  http://apicecon.com.br/t2gwhvHx
    exe.dropper  http://bartesol.org/cT5kG0TvXm
    exe.dropper  http://hitratesolutions.org/JDlahHJgy
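
The five exe.dropper URLs are the actionable part of this config: the PowerShell stage walks such a list until one host serves the next-stage executable. The script below is an added example (not code from the sandbox report or from the sample) that turns that list into matchable indicators and runs them over web-proxy log lines. The log lines and their format (timestamp, client IP, method, URL, status) are constructed for illustration; the URLs are the ones listed above.

```python
"""Turn the exe.dropper URLs extracted from the PowerShell stage into
matchable indicators and run them over web-proxy log lines.

Added example, not part of the sandbox report. The URLs are the five from
the Malware Config section; the proxy log lines are constructed and their
format (timestamp, client IP, method, URL, status) is an assumption."""
import re
from urllib.parse import urlsplit

# Indicators as listed in the report (type exe.dropper for all five).
DROPPER_URLS = [
    "http://bangkoktailor.biz/oLnXvdhAQR",
    "http://shvidenko.ru/c33nwsg",
    "http://apicecon.com.br/t2gwhvHx",
    "http://bartesol.org/cT5kG0TvXm",
    "http://hitratesolutions.org/JDlahHJgy",
]


def normalize(url):
    """Matching key: case-folded host without port, plus the path."""
    p = urlsplit(url.strip())
    return (p.hostname or "").lower(), p.path or "/"


def defang(url):
    """Render a URL so report tooling will not auto-link it (hxxp, [.])."""
    p = urlsplit(url)
    scheme = p.scheme.lower().replace("t", "x", 2)  # http -> hxxp, https -> hxxps
    return f"{scheme}://{p.netloc.replace('.', '[.]')}{p.path}"


def build_indicators(urls):
    """Two tiers: exact URL (high confidence) and bare host (medium confidence,
    since a compromised site that served one stager path often serves others)."""
    exact = {normalize(u) for u in urls}
    hosts = {host for host, _ in exact}
    return exact, hosts


# Assumed proxy log shape: "<timestamp> <client> <METHOD> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})"
)


def match_proxy_log(lines, urls=DROPPER_URLS):
    """Return one hit per log line whose URL or host is in the indicator set."""
    exact, hosts = build_indicators(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; count these in production
        host, path = normalize(m["url"])
        if (host, path) in exact:
            tier = "dropper_url"
        elif host in hosts:
            tier = "dropper_host"
        else:
            continue
        hits.append({
            "ts": m["ts"], "client": m["client"], "tier": tier,
            "url": defang(m["url"]), "status": int(m["status"]),
        })
    return hits


# Constructed log lines: exact hit, benign, same host with a rotated path
# (and upper-case host), and an exact hit hidden behind an explicit port.
SAMPLE_PROXY_LOG = [
    "2024-05-21T11:02:13Z 10.0.0.15 GET http://bangkoktailor.biz/oLnXvdhAQR 200",
    "2024-05-21T11:02:14Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2024-05-21T11:02:16Z 10.0.0.22 GET http://SHVIDENKO.RU/other.php 404",
    "2024-05-21T11:02:20Z 10.0.0.15 GET http://apicecon.com.br:8080/t2gwhvHx 200",
]

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['tier']:13} {hit['status']} {hit['url']}")
```

Matching on the normalised (host, path) pair rather than the raw string is what catches the third and fourth lines: an upper-cased host and an explicit port are enough to defeat a naive substring match. A 200 to a dropper_url hit means the client very likely received the next-stage executable, so the host should be triaged for the dropped file, not only blocked at the proxy.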

Targets

    • Target

      645d21a8e9046506e6f030f860a91510_JaffaCakes118

    • Size

      203KB

    • MD5

      645d21a8e9046506e6f030f860a91510

    • SHA1

      c450ffb550d98776513912bbde01f55dd95d7173

    • SHA256

      0ce9c996ddfbc5a2982a748de79cf7bdfd2f741635c5c9b64ce91ff8af564833

    • SHA512

      ffbce0ab28e47aeb9bbc1918da02e1e7d5115895a1747426c54e99c62d2cd14cf77fea553cfb6f014343cb3636ce61635b4ec9c9dfafb890079d4fd0ef0919f9

    • SSDEEP

      3072:Rte2dw99fVDm6ZlBb6hbXzseu2EJXT6PxbYznmFRw2NWl5eZ5Y9XhsYPQ/rKd6jB:bHdw7FLUJsKEVKYu9LCnY

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
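
The three signatures above describe the usual document-to-PowerShell chain: an Office process spawns cmd.exe, the cmd.exe command line is obfuscated so that "powershell" never appears literally, and the resulting interpreter makes the download. The script below is an added example (not part of the sandbox report) that expresses those signatures as detection logic over constructed Sysmon-shaped telemetry (Event ID 1 process create, Event ID 3 network connect). The obfuscated command lines are made-up illustrations of the technique, not the sample's actual command line.

```python
"""Express the three behavioural signatures above as detection logic over
process-creation and network-connection telemetry.

Added example, not part of the sandbox report. The events are constructed
in the shape of Sysmon Event ID 1 (process create) and ID 3 (network
connect) records, and the obfuscated command lines are made-up
illustrations of the technique, not the sample's actual command line."""
import re
from pathlib import PureWindowsPath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
UNEXPECTED_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Interpreters and LOLBins that should not be opening sockets from a document workflow.
NETWORK_BLOCKLIST = {"powershell.exe", "cmd.exe", "mshta.exe", "regsvr32.exe",
                     "rundll32.exe", "certutil.exe", "wscript.exe", "cscript.exe"}


def basename(image):
    return PureWindowsPath(image).name.lower()


def cmd_obfuscation_reasons(cmdline):
    """Heuristics for the tricks cmd.exe droppers use to hide 'powershell'."""
    reasons = []
    if cmdline.count("^") >= 3:             # caret escaping splits keywords: p^ow^ershell
        reasons.append("caret-escaping")
    plain = cmdline.replace("^", "")        # normalise before the remaining checks
    if re.search(r"%\w+:~\s*-?\d+", plain):  # %VAR:~n,m% pulls single letters from env vars
        reasons.append("env-substring-expansion")
    if re.search(r"(?i)\bset\s+\w+=.*?\bcall\s+%", plain):  # command assembled from set vars
        reasons.append("set/call variable assembly")
    return reasons


def detect(events):
    """Return one alert per matched signature, using the report's signature names."""
    alerts = []
    for ev in events:
        if ev["id"] == 1:
            parent, child = basename(ev["parent_image"]), basename(ev["image"])
            if parent in OFFICE_PARENTS and child in UNEXPECTED_CHILDREN:
                alerts.append({"signature": "Process spawned unexpected child process",
                               "pid": ev["pid"], "detail": f"{parent} -> {child}"})
            if child == "cmd.exe":
                reasons = cmd_obfuscation_reasons(ev["cmdline"])
                if reasons:
                    alerts.append({"signature": "Obfuscated cmd.exe command-line",
                                   "pid": ev["pid"], "detail": ", ".join(reasons)})
        elif ev["id"] == 3:
            image = basename(ev["image"])
            if image in NETWORK_BLOCKLIST:
                alerts.append({"signature": "Blocklisted process makes network request",
                               "pid": ev["pid"],
                               "detail": f"{image} -> {ev['dest_ip']}:{ev['dest_port']}"})
    return alerts


WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
CMD = r"C:\Windows\System32\cmd.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed telemetry: one macro-to-PowerShell chain plus benign noise.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "image": WINWORD, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"WINWORD.EXE" /n "C:\Users\u\invoice.doc"'},
    {"id": 1, "pid": 5012, "image": CMD, "parent_image": WINWORD,
     "cmdline": r'cmd /V:O^N /C "s^et a=pow&&s^et b=ersh&&set c=ell&&call %a%%b%%c% -nop -w hidden -e <base64>"'},
    {"id": 1, "pid": 5320, "image": PS, "parent_image": CMD,
     "cmdline": "powershell -nop -w hidden -e <base64>"},
    {"id": 3, "pid": 5320, "image": PS, "dest_ip": "203.0.113.7", "dest_port": 80},
    {"id": 1, "pid": 6100, "image": CMD, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "cmd /c echo %USERPROFILE%"},
    {"id": 1, "pid": 6300, "image": CMD, "parent_image": EXCEL,
     "cmdline": r'cmd /c "%ProgramFiles:~3,1%owershell -nop -w hidden -e <base64>"'},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"pid {a['pid']:5}  {a['signature']}: {a['detail']}")
```

Note what the parent/child rule misses: pid 5320 (powershell.exe) is only flagged once it makes a network connection, because its direct parent is cmd.exe, not WINWORD.EXE. A production rule walks the ancestry chain (WINWORD.EXE -> cmd.exe -> powershell.exe) rather than checking one hop, and the caret and %VAR:~n,m% heuristics should be tuned against the organisation's own logon scripts before alerting on them in isolation.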

MITRE ATT&CK Enterprise v15

Tasks