General
-
Target
6acfc827bf70cfd4fc9cd36f66ebba6c_JaffaCakes118
-
Size
124KB
-
Sample
240523-nq1ztsee8t
-
MD5
6acfc827bf70cfd4fc9cd36f66ebba6c
-
SHA1
cb32b63048a1368cceb3a2114ca6fe640ee440cd
-
SHA256
fbb1873ef58fdcc8f875e6450150e7a378e86deb32cb3525fd23d3791bf192ad
-
SHA512
08fe27514c28daaaa5278ab990f84a0ceaf3075eda9d157f01739de20574a30e811b610c84a0e51cc011c875005411f041d6feabf6601895c04a5738505232ec
-
SSDEEP
1536:nptJlmrJpmxlRw99NBc+aSwT+75RnuwACdRR2XGUggBlpF7xpy7RMANuk:pte2dw99fVtRIWwYMKuk
Behavioral task
behavioral1
Sample
6acfc827bf70cfd4fc9cd36f66ebba6c_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6acfc827bf70cfd4fc9cd36f66ebba6c_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
Target
6acfc827bf70cfd4fc9cd36f66ebba6c_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-