General

  • Target: 6ab415814e5432bf55c78c60df0db7a7_JaffaCakes118
  • Size: 102KB
  • Sample: 240523-my5gjsdf8z
  • MD5: 6ab415814e5432bf55c78c60df0db7a7
  • SHA1: 8830f39cbd59dcbf14790465985b575f2095529a
  • SHA256: 1e52d21cc79be3403419f679a554b715835fcb71fbcf3e385a1368c6d3c19cf7
  • SHA512: 27a7a62cd78894cedd1f205076b4beaf5176869941ff34dbbd6f14dbd0469ea922a9ed76bc176f196b9e25dc3df59c2326d6d49afcdf6fc18fd79df445089028
  • SSDEEP: 1536:6WlWjptJlmrJpmxlRw99NBO+aA7IrlnKchqXN076KC0It4oCp7tEX:/4Nte2dw99fx2vR1It4HtEX

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (exe.dropper):
    http://aliu-rdc.org/QwWKYJxM
    http://2idiotsandnobusinessplan.com/wC7
    http://7naturalessences.com/DFaSvtrS
    http://benimdunyamkres.com/v0vig1G1
    http://hostmktar.com/mP

Targets

    • Target: JHL_D_3392853_28_08_2018.doc
    • Size: 83KB
    • MD5: e4625136904c387f83100ce9861b2e21
    • SHA1: 3b29428a6cea904abd2903d5623fd7094914fec6
    • SHA256: 8db36a2bb5a769e6d5f1598734a7f26fcabed65197a0463a3ff1cc1486953d3c
    • SHA512: 191b87540c3f9d8ae06dd0532e22dafab46f2ab247a682f40f1a5a7bbdaa5e3b14e900a9195ef1077421695f9dfa3525d3a2b950a4eece65ad9200d0b4eebd9d
    • SSDEEP: 1536:JptJlmrJpmxlRw99NBO+aA7IrlnKchqXN076KC0It4oC:3te2dw99fx2vR1It4

    Score: 10/10

    Signatures

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks