General

  • Target

    68ef722404e4af112ba46eda232674ea_JaffaCakes118

  • Size

    124KB

  • Sample

    240522-2zs78scc91

  • MD5

    68ef722404e4af112ba46eda232674ea

  • SHA1

    f224c26966a20721b7b76300f3f9d147e748784f

  • SHA256

    75ab57c48671a3b9245db793c0d4d071e22171792a944406881cfd2ca304fb07

  • SHA512

    409b91b92472ce8732830557a0b629dcb05f115b153e0a81e361310b8d34236583744297d5c118536a7ca44f6cda31195a7cb5a710fbe70b2d8b1461f1a1281a

  • SSDEEP

    1536:0ptJlmrJpmxlRw99NBc+asZWKkWnAUWzhhlHJcXR8HaCzFMh:Ete2dw99fdWKn1WzlMR8H

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.remcuahaiduong.com/YEem7E4l

exe.dropper

http://www.xiegangdian.com/wordpress/LLC/US_us/vYGPH8F

exe.dropper

http://idfutura.com/c44CB8ub

exe.dropper

http://bedrijfsnaamborden.nl/4eBGMr8

exe.dropper

http://www.jojocorpflorida.com/1g1avkTDu9

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
