General

  • Target

    6c737c475da270441444ffa00b1b6b48_JaffaCakes118

  • Size

    66KB

  • Sample

    240523-2bg53abb82

  • MD5

    6c737c475da270441444ffa00b1b6b48

  • SHA1

    1e1423a84c7caecd9e64e531fad2d33b353fe86d

  • SHA256

    1429adfefb7c2af0e4e7644ff7b3ad55a10b558232a17b26008e7f92b4c907ba

  • SHA512

    1b17304c74f9d185c7532667338bb87aa7ac83fab0cbdd82418d2a83e38813bdb05c18fc94ff86b0440fb65447476be4a0ec55649efeb5017438d6f1a68c3ceb

  • SSDEEP

    768:4pJcaUitGAlmrJpmxlzC+w99NBN+1oWiILaiW1Efo44/+7szlDsB8H:4ptJlmrJpmxlRw99NBN+aWO17mAa

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://frayd.com/KccPtp

exe.dropper

http://empiresys.com.sg/Zpa5Q70H

exe.dropper

http://eldridgelondon.com/nubOyShJ

exe.dropper

http://iclebyte.com/oWT

exe.dropper

http://kerasova-photo.ru/Yuv

Targets

    • Target

      6c737c475da270441444ffa00b1b6b48_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
