General

  • Target

    68d5f66df460cd50a2293b61755f8cfc_JaffaCakes118

  • Size

    181KB

  • Sample

    240522-1962eaba6y

  • MD5

    68d5f66df460cd50a2293b61755f8cfc

  • SHA1

    a709c61f90991220154b71d110578d4dfb7196b6

  • SHA256

    49e036cc8c59a83ee290f04d7fc143970ebc95c9d3d8d1ca048134091e989346

  • SHA512

    c0d3e9c309f469d9377461a55a91c1ea04f9157cf6b002ecb2a3c69d957a829b865fccdcc48955ab1b246ddf1d5d897cd6ddddb461ad7d25dc050cdb7cb186fc

  • SSDEEP

    3072:P8AOfnpC8pN7tpTBOIM7zVHSLbXTWgzGUXeE3aR5rnj:P8AOfpC8pN7tpTBOI+VHSfXTWMfHaR5f

Malware Config

  • Extracted

    Language: ps1

    Deobfuscated

  • URLs (exe.dropper)

    http://krems-bedachungen.de/fyKDV/
    http://4glory.net/btKzNVlg/
    http://angelabphotography.com/4hR1e/
    http://dekormc.pl/js/ncrILdi/

Targets

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (2)

    System Information Discovery, T1082 (2)

Tasks