General

  • Target

    6a82ee76b4079c545ed72fb4b8ea18f4_JaffaCakes118

  • Size

    136KB

  • Sample

    240523-llsrjscb48

  • MD5

    6a82ee76b4079c545ed72fb4b8ea18f4

  • SHA1

    e979551b893342e7c8fe56613b9ad818ce4b5cb2

  • SHA256

    9e81657347bd10e9f214b01e99089e7d9fba91194eab2745fe04ae7fa4db5fed

  • SHA512

    b50429f2cc1fac5c4553e3d87242acaca647fd5a53072c77e6bf943f986169b1ee1d482a2a3d0f555837fcd86b0ed1780549ed68a1c68c54861ab75ebb2733f7

  • SSDEEP

    3072:FmCuqdaav46obpe+njhnkbPFWpj2QGR9Qdcz7GRAvGPy/:oCuqdaav0MohnKPcGCcMAv

Malware Config

Extracted

  • Language

    ps1

  • URLs (exe.dropper)

    http://princessbluepublishing.com/sites/kh.exe

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.
