General
Target
6bd9be4e8364eba7a01d817c77fe5554_JaffaCakes118
Size
221KB
Sample
240523-wzxyjabf98
MD5
6bd9be4e8364eba7a01d817c77fe5554
SHA1
124a2e6a78b84e7fc0f67078c35e54238aa687cf
SHA256
487d63accb96ca154bd9b2aa14ed7aa275f8edc867581d4dc7187fd833f52d9a
SHA512
447aecebd19566fff0088a528cbe667077f3663326332b16dfcc6c46fa8f6eec5b3d49b4ca6bba415664a0b60b380312bef77481153914433516587f3349440f
SSDEEP
3072:b4tcTvjvTY140818tIP4ovpLySGju9jDW1M+7op32:EtcnvE140o8tIP4apLNjDjm+2
Behavioral task
behavioral1
Sample
6bd9be4e8364eba7a01d817c77fe5554_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6bd9be4e8364eba7a01d817c77fe5554_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
Targets
Target
6bd9be4e8364eba7a01d817c77fe5554_JaffaCakes118
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory