General

  • Target

    6720c81dce3d22d0f2ae8d201274cd40_JaffaCakes118

  • Size

    127KB

  • Sample

    240522-nrvjfadb42

  • MD5

    6720c81dce3d22d0f2ae8d201274cd40

  • SHA1

    80f53bcce783510e252c355e1542c132ed65ee26

  • SHA256

    a45d3b35611b3b583eead125932772f994245195979ed66acb0f18b4733a44c4

  • SHA512

    6e5f295082d6188d27f821cf8284c2a4281ca67897d914cafa91e49f9a8898e0b9c7302e810596dd1a460533e0c746bbca54a75a286a94a4b1bbf1a236bd5dbb

  • SSDEEP

    1536:6ptJlmrJpmxlRw99NBt+aa4nT43MxuFHU1Y5la81clutdi48tO:mte2dw99f3c34K5lH16uPpK

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://leadgagmedia.com/xysqgxCk

exe.dropper

http://inexlogistic.com/wSZXfo75k

exe.dropper

http://www.chillicothevets.com/2013/aX9vC46Ju

exe.dropper

http://www.emrsesp.com/PxM8Hqxw4p

exe.dropper

http://casinoonlinemaxbet.com/Ce03Fm8

Targets

    • Target

      6720c81dce3d22d0f2ae8d201274cd40_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
