General
-
Target
694bac48a28d3207598f3f529891777a_JaffaCakes118
-
Size
251KB
-
Sample
240523-bxj9fagh63
-
MD5
694bac48a28d3207598f3f529891777a
-
SHA1
ef466f5a8b62baf802257e511773bf5a1c1ecd90
-
SHA256
b8cb6d816022529aef9c494f18a512773e78a79da62cd85b03e664fc6b801834
-
SHA512
cfa6c1fff8276396006f3fa29d1953b175ce0b422422a08d1b443af1cbae50a0c882f33188f0e962534e27c04cf637132ccd2b0efadbdc2d4500882bb3c6a988
-
SSDEEP
3072:6Yy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////e:C0uXnWFchmmcI/o1/Q2y3R6
Behavioral task
behavioral1
Sample
694bac48a28d3207598f3f529891777a_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
694bac48a28d3207598f3f529891777a_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
Target
694bac48a28d3207598f3f529891777a_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-