72a6405f7d902fa9cdec66709f35bfeeccc894e541329b8b7710c0a1caa6fa6c | Triage

Sharing

General

Target

62250326cb08b17e78ca1ae8481e8bcaJaffaCakes118
Size

265KB
Sample

240523-as5txaeg5t
MD5

62250326cb08b17e78ca1ae8481e8bca
SHA1

601c203fc3f32264800cfd920bf00d0626e417d2
SHA256

72a6405f7d902fa9cdec66709f35bfeeccc894e541329b8b7710c0a1caa6fa6c
SHA512

1f4659f1733fd7d4accb27a0cf7d8d0ef9638a2b277a214af220cde8811671d1de52391b64bc535acdc559dae4004204b00cbd247c150d35b6df3b1d274dba9f
SSDEEP

3072:5OzPM83524CCyCyMmq5YZF8yDtAKPzjL/xSu90OoiLuDKZXfwKeljR1k:sb25CFk8stRbxUOmD+XfwLg

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://localfreelancersng.com/JJ5na9IyL

exe.dropper

http://pobedastaff.ru/6iYWKl5I_MG

exe.dropper

http://wellbeinghomecareservices.co.uk/A9Y90usX88aRT

exe.dropper

http://vkckd.kultkam.ru/QUxQZUG_9i

exe.dropper

http://beautyandbrainsmagazine.site/cfmGNuDVbnc50bks

Targets

- Target
  
  62250326cb08b17e78ca1ae8481e8bcaJaffaCakes118
- Size
  
  265KB
- MD5
  
  62250326cb08b17e78ca1ae8481e8bca
- SHA1
  
  601c203fc3f32264800cfd920bf00d0626e417d2
- SHA256
  
  72a6405f7d902fa9cdec66709f35bfeeccc894e541329b8b7710c0a1caa6fa6c
- SHA512
  
  1f4659f1733fd7d4accb27a0cf7d8d0ef9638a2b277a214af220cde8811671d1de52391b64bc535acdc559dae4004204b00cbd247c150d35b6df3b1d274dba9f
- SSDEEP
  
  3072:5OzPM83524CCyCyMmq5YZF8yDtAKPzjL/xSu90OoiLuDKZXfwKeljR1k:sb25CFk8stRbxUOmD+XfwLg
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2