General

  • Target

    6bf8c0426942612117f842ff5fabf319_JaffaCakes118

  • Size

    124KB

  • Sample

    240523-xr8kqscg41

  • MD5

    6bf8c0426942612117f842ff5fabf319

  • SHA1

    6fe4f7e882b1e3d4769b4d9ba14ba1c228d143f3

  • SHA256

    fee54bee34cd77ecd9928ec8f4af9b1313a16c15485df0b206a6908e432a8ca8

  • SHA512

    1027a6a95949e1f9c157cb3b5af1357d9a00214f802f9aaabdcd71aa3c3f6bc79ad4e17e93ac3813a4d7df1ce61f6637cb9c9f69873d204ca6aac0233ba3c15c

  • SSDEEP

    1536:6bNYTzKmsP7sd9h1wFFFF7dC7MQMXc0qg4F5MnrA+aJOs0abqExYBvAy42+Gexy+:6bOTzKmsP7snh1UQ5g4fY9ZAyh+y+

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.copticpope.org/7nCPQr/

exe.dropper

http://wevik.hu/oadkCq/

exe.dropper

http://jakeingles.com/W3cw/

exe.dropper

http://www.kaukabphysiatry.com/hg9g/

exe.dropper

http://www.facebook.printuser.nl/dhxj/

Targets

    • Target

      Rechnung_2018_06_CY22053160887880.doc

    • Size

      93KB

    • MD5

      68496e372e5656d5c96cf74368277791

    • SHA1

      b50396e10d8af7dc1d3a5e65da5b6e80d7a4fb1d

    • SHA256

      00f4563cc7dd4686531b29a7a797b060daa891130724e4816862ed1c650d0901

    • SHA512

      f718afd275f3c53f7bd41df06b11763dd1dc5a18d7d17d7014602f131cf0c2d3fcbb30806cef5149f5ab6c67b21cabae975ff9ac981618c4fc1160f8783ea669

    • SSDEEP

      1536:3FFFF7dC7MQMXc0qg4F5MnrA+aJOs0abqExYBvAy42+Ge:XQ5g4fY9ZAyh

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
