General

  • Target

    674cd7972580c8018ee78535d154757e_JaffaCakes118

  • Size

    66KB

  • Sample

    240522-pxd93sbf97

  • MD5

    674cd7972580c8018ee78535d154757e

  • SHA1

    96054cfe8daa9ee0b993924083e54ce5c909bc12

  • SHA256

    9a719afc937416f57b260e195384cb89fd72388fb25afe7e392063e5d06d4696

  • SHA512

    198bcc721009b68bbdc1a02047cda6efcec09480dfa7d5f20619da479629b921c9a477f67a71fd57b1671865262e9637ffcca6d02c45cecd0902eac4d20239f7

  • SSDEEP

    768:9pJcaUitGAlmrJpmxlzC+w99NBh+1oW1408ZM9uRt7OwL2Pnc9:9ptJlmrJpmxlRw99NBh+aW1ZFAhL2k

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://familiekoning.net/Sw51duCIY

exe.dropper

http://website.vtoc.vn/demo/hailoc/wp-snapshots/JeHXbk6WzM

exe.dropper

http://librusfan.ru/271vNHA

exe.dropper

http://tomas.datanom.fi/testlab/VJ1t3ol

exe.dropper

http://altarfx.com/8Es5z7sVJL

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
