General

Target: 694a76b09d502b6d0cf0f9f0eb3e203d_JaffaCakes118
Size: 220KB
Sample: 240523-bwmyyagf4x
MD5: 694a76b09d502b6d0cf0f9f0eb3e203d
SHA1: ba55e49aef510478e66c0b5571370a2c3a9eb9ff
SHA256: 9949e3d333621f908c51a04136a6b85f266068d36c239f2ae844bb50e4cd4bf5
SHA512: ecf84e8dc9c540d861eac992666cc3ad1962cf41749037f03d426c351969e29dc9e7529558dfdcc239c4571002c41a22d1f9bd72064fdd0d960d1bfc30b460ff
SSDEEP: 3072:b4tcTvjvTY140818tIP4ovpLSGju9jDW1M+7Qp3S:EtcnvE140o8tIP4ap8jDjmGS

Behavioral task: behavioral1
Sample: 694a76b09d502b6d0cf0f9f0eb3e203d_JaffaCakes118.doc
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 694a76b09d502b6d0cf0f9f0eb3e203d_JaffaCakes118.doc
Resource: win10v2004-20240508-en

Malware Config
Extracted
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Drops file in System32 directory