General
-
Target
65a199d9d093328880fffe341f9b20ef_JaffaCakes118
-
Size
193KB
-
Sample
240522-chynysgh49
-
MD5
65a199d9d093328880fffe341f9b20ef
-
SHA1
a117d4ca2294323d2bc3adcdd6e8948617290233
-
SHA256
0afb7c179025ddfba82f253e521171894baccb916aadce3f0c6cd8014f706940
-
SHA512
92ba6b5e1c69a6499122afa7bbc8388c6f1401df76c9bfe6cc6627349a72bc2fac0f703e79fbf19f4b2af1fe88cb922f90a63eb72cf64a3aae01af1db33b5089
-
SSDEEP
1536:+rdi1Ir77zOH98Wj2gpng9+a9jk1q9Dba/qrHEs+nPyNdOx74en:+rfrzOH98ipghva/qTX+nPyLOBBn
Behavioral task
behavioral1
Sample
65a199d9d093328880fffe341f9b20ef_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
65a199d9d093328880fffe341f9b20ef_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
-
-
Target
65a199d9d093328880fffe341f9b20ef_JaffaCakes118
-
Score
10/10
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-