General
-
Target
657c45ade4303bb41097337af74f446f_JaffaCakes118
-
Size
247KB
-
Sample
240522-bmma2sfh2z
-
MD5
657c45ade4303bb41097337af74f446f
-
SHA1
f4bc5c8995e3e799fa130fba23314f2f95050c6b
-
SHA256
b260a324f1d3b6135a4c52889fb0a4e436ddd6adb6ce61c380b25b33e3a05b80
-
SHA512
0167228d2527fc9a1454311ef429bf1eefb10d1e5b17abf0d261fcfed48b9b81a43209b078b02bf45186552479c269f178d11f1a235f6b4650521fc56e249b05
-
SSDEEP
6144:Q0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+p4z+cGAihG:Q0E3dxtR/iU9mvUPxbdhG
Malware Config
Extracted
http://abeafrique.org/-/wv4y-6w5-3697/
https://wlskdjfsa.000webhostapp.com/wp-admin/VbuFbbG/
http://blog.eliminavarici.com/wp-includes/fQbmzw/
http://87zn.com/wp-admin/be19e6-le6fjr-256/
http://bbv.borgmeier.media/wp-includes/runyp-zsv8cv-3508006/
Targets
-
-
Target
657c45ade4303bb41097337af74f446f_JaffaCakes118
-
Size
247KB
-
MD5
657c45ade4303bb41097337af74f446f
-
SHA1
f4bc5c8995e3e799fa130fba23314f2f95050c6b
-
SHA256
b260a324f1d3b6135a4c52889fb0a4e436ddd6adb6ce61c380b25b33e3a05b80
-
SHA512
0167228d2527fc9a1454311ef429bf1eefb10d1e5b17abf0d261fcfed48b9b81a43209b078b02bf45186552479c269f178d11f1a235f6b4650521fc56e249b05
-
SSDEEP
6144:Q0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+p4z+cGAihG:Q0E3dxtR/iU9mvUPxbdhG
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-