General

  • Target

    62250326cb08b17e78ca1ae8481e8bcaJaffaCakes118

  • Size

    265KB

  • Sample

    240523-as5txaeg5t

  • MD5

    62250326cb08b17e78ca1ae8481e8bca

  • SHA1

    601c203fc3f32264800cfd920bf00d0626e417d2

  • SHA256

    72a6405f7d902fa9cdec66709f35bfeeccc894e541329b8b7710c0a1caa6fa6c

  • SHA512

    1f4659f1733fd7d4accb27a0cf7d8d0ef9638a2b277a214af220cde8811671d1de52391b64bc535acdc559dae4004204b00cbd247c150d35b6df3b1d274dba9f

  • SSDEEP

    3072:5OzPM83524CCyCyMmq5YZF8yDtAKPzjL/xSu90OoiLuDKZXfwKeljR1k:sb25CFk8stRbxUOmD+XfwLg

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://localfreelancersng.com/JJ5na9IyL

exe.dropper

http://pobedastaff.ru/6iYWKl5I_MG

exe.dropper

http://wellbeinghomecareservices.co.uk/A9Y90usX88aRT

exe.dropper

http://vkckd.kultkam.ru/QUxQZUG_9i

exe.dropper

http://beautyandbrainsmagazine.site/cfmGNuDVbnc50bks

Targets

    • Target

      62250326cb08b17e78ca1ae8481e8bcaJaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
