General

  • Target

    6adc070ab84c3f5a4dd225c851cd49c5_JaffaCakes118

  • Size

    74KB

  • Sample

    240523-n3w7eafd6y

  • MD5

    6adc070ab84c3f5a4dd225c851cd49c5

  • SHA1

    c6320148b078e764204e87fc85cdb54ef4b8491a

  • SHA256

    50128add4f9eb89878473727c1e18acca17e7bf243b8437455dec4995dc44141

  • SHA512

    d4e2af5cabfba3d6b6ca3a064e58f4aad751a40d49225e1594fbaae29cb5da994e9af8abbab926cb65ad5592e149e0edb2ef8609dc56e6b743b325b8c6112dd6

  • SSDEEP

    768:6pJcaUitGAlmrJpmxlzC+w99NBR+1odD594eohl3pq5MIUsk6y:6ptJlmrJpmxlRw99NBR+ad1sPqIT

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://weareynhh.org/xn6uQNI

exe.dropper

http://manatour.cl/6RVQnd5eWW

exe.dropper

http://komsupeynirdukkani.com/G3fHGjUV

exe.dropper

http://hajarsharif.ir/yQsp7FzS

exe.dropper

http://dwumas-serwis.pl//9rv80Qt

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
