General

  • Target

    64c0443c20726159d0fd6c4cc91daab6_JaffaCakes118

  • Size

    44KB

  • Sample

    240521-zstt3sac67

  • MD5

    64c0443c20726159d0fd6c4cc91daab6

  • SHA1

    39c7a179b61896b7cd056eb206ce4a6aa18abb7b

  • SHA256

    aec61fa097846f21b4be61f9fcf55e99b1f06fde331135b50da1fef2c7332d18

  • SHA512

    18c6574621ffc5eb6167a54a1388595af3ab63b4be2521187e0939a9c8400e69aa477b477d29f35aa3304e6116e3bc2d4024cc87c059a6176c9a409789c94b64

  • SSDEEP

    384:wVU8iSUR/8dAqqNLi08krJuHzQjbuMZZzkExygcPEdEsKhb2YOPygdP0jzNta:l/qtaLiEbbZZ19yhEd6yPJJk

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    Yes

  • URLs

    exe.dropper
    http://54.244.182.87:80

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks