General

  • Target

    65fe81b57a7ec64e494d103b7bdceeea_JaffaCakes118

  • Size

    170KB

  • Sample

    240522-e2r2maca47

  • MD5

    65fe81b57a7ec64e494d103b7bdceeea

  • SHA1

    01781d13541c5f57dc322a6d6112ec41dad45a53

  • SHA256

    c330894b6b984a10a7fcaaa7978d8db06855114ef52b8a208681b4bd693c15dd

  • SHA512

    24fb9d2322634c7e3c25479106812de4c8660faa03fafc99e55a3ba8da157b09f791cade71b9b4adccf85a602edebb0bdcfa7ff90b297e7aee93ffa805ef2fc2

  • SSDEEP

    3072:zte2dw99fD0zdaTTOoaQNff6OW4PBOEM2GvDhXpV6u:BHdw7dTCoaQNJOaGv9XpV6u

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://emporioflorianopolis.com.br/multimedia/AH3dB5Y2h

exe.dropper

http://www.xianjiaopi.com/DTWn8HR6e

exe.dropper

http://ufindit.com.au/yO47HFVs

exe.dropper

http://www.lidersahtebalik.com.tr/44v1qfZIhA

exe.dropper

http://wpcouponsite.com/dttLyRtF

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
