General

  • Target

    677908fd021c3b11236be15b2c8bbb68_JaffaCakes118

  • Size

    105KB

  • Sample

    240522-q35jwsdf3v

  • MD5

    677908fd021c3b11236be15b2c8bbb68

  • SHA1

    73221cc5d4437bb59c83e9f4b229c7cad8235c6c

  • SHA256

    c021f15183907b7f08f1b42c102654c043fa7bf4ceb0f502be1f9d9dae1933f2

  • SHA512

    d328e33ce085117f45d3758ba6a7b4797e1ed0190cd0d113f379837c03b045be87afb8b36b8c9d689071784f6b448a6f0c556758f2f0bd9d8dd47509ba702812

  • SSDEEP

    1536:0TxjwKZ09cB7y9ghN8+mQ90MTT+aU1EGNpFukKH6FH:4xjnB29gb8on+EGNpFEaFH

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://baza-shartash.ru/hkqXqT1

    http://anapapoliv.ru/Sp4na

    http://shorecrestschools.com/nnQkN

    http://comicole.com/2HZ

    http://elartedelaaccion.es/6Hyl

Targets

    • Target

      677908fd021c3b11236be15b2c8bbb68_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15

Tasks