General

  • Target

    69ebf8825f865524df38bd5f9e751663_JaffaCakes118

  • Size

    44KB

  • Sample

    240523-ge83qsfe48

  • MD5

    69ebf8825f865524df38bd5f9e751663

  • SHA1

    ac492539a5a40330650bc06f3955b12e02705f22

  • SHA256

    82ba7aafb5c198a58c3aa0bb7ce9ba02c22beed8380388db0c0efa56d0f3d175

  • SHA512

    d1ffe87d8a65aa527877d06b74eecbe1f188d416f664e51881a6cb43e07605abeaabb400f0cb726fae9ab95ada6612663bd429204f8b5727903af653d6ac16bb

  • SSDEEP

    384:wIj8iSUR/8dArqNLi08krLuHzQjbuMZZzkExygcPEdEsKhb2YOPygTP0jWdtf:v/qMaLiE5bZZ19yhEd6yPJbl

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper
    http://54.244.182.87:80

Targets

    • Target

      69ebf8825f865524df38bd5f9e751663_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks