General

  • Target

    6bc38afcb1a5bffd71aefcd17d02cb3a_JaffaCakes118

  • Size

    78KB

  • Sample

    240523-wd3lwsah7z

  • MD5

    6bc38afcb1a5bffd71aefcd17d02cb3a

  • SHA1

    f3149aa71ce0d7b791cfec132d43ed9b88994138

  • SHA256

    765a1c88e5c3567913320ffadda3cadfef6ded21ca755e601623e378caa4134b

  • SHA512

    34538ca5f813100bc46a9ebc4e779b259a9bb81a5ee10bef97a7a5ca5fa8b63fb1da58d02209f60eb10662af0ea54abf660cbca04c804c78e6048b4fc4f715f1

  • SSDEEP

    1536:hptJlmrJpmxlRw99NBy+ahwapa/dJPZ4a6:/te2dw99fKcdJx4a

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://web1.macrometales.com/Gs2pLp
    http://cedvacelaya.com/Do
    http://electrogc.com.ar/s0AZgFc
    http://decodesign.cl/6N
    http://mudfreaksblog.cubicproject.com/FUl

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
