General
-
Target
68fb79964f8c30cb9f75738bb6ab96df_JaffaCakes118
-
Size
175KB
-
Sample
240522-3b77xsch89
-
MD5
68fb79964f8c30cb9f75738bb6ab96df
-
SHA1
ecb9e28f02cd7f5a7d026fcd14e312b9c7534303
-
SHA256
8d56a8ad6afa592ed46d6a295b2246ed8b80ee67007799c62b7280a0e953f2c3
-
SHA512
ad8dc182ade31b32e47584bd34a56ce17eb714b8a31370b6aa5caa3e0ca1d95d90e2506b3f89eaf6e917befc8336177c142e272da139642d834373b72962131f
-
SSDEEP
3072:Lu2y/GdybktGDWLS0HZWD5w8K7Nk98D7IBUB/F4aqA9O:Lu2k4btGiL3HJk98D7bBdZqA0
Behavioral task
behavioral1
Sample
68fb79964f8c30cb9f75738bb6ab96df_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
68fb79964f8c30cb9f75738bb6ab96df_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://bashirahindonesia.com/wp-admin/LBPLS7/
http://nn.5ctelematics.com/temp/qck7s/
http://karnatakatoursandtravels.com/cli/wBeE3l1Fs/
https://soaponline.org/cgi-bin/wyi/
https://eldodesign.com/eldo/89t8u/
Targets
-
-
Target
68fb79964f8c30cb9f75738bb6ab96df_JaffaCakes118
-
Size
175KB
-
MD5
68fb79964f8c30cb9f75738bb6ab96df
-
SHA1
ecb9e28f02cd7f5a7d026fcd14e312b9c7534303
-
SHA256
8d56a8ad6afa592ed46d6a295b2246ed8b80ee67007799c62b7280a0e953f2c3
-
SHA512
ad8dc182ade31b32e47584bd34a56ce17eb714b8a31370b6aa5caa3e0ca1d95d90e2506b3f89eaf6e917befc8336177c142e272da139642d834373b72962131f
-
SSDEEP
3072:Lu2y/GdybktGDWLS0HZWD5w8K7Nk98D7IBUB/F4aqA9O:Lu2k4btGiL3HJk98D7bBdZqA0
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-