General

  • Target

    6c127e044ca2da053ea6ff8a163d0ffc_JaffaCakes118

  • Size

    212KB

  • Sample

    240523-yk91naea7v

  • MD5

    6c127e044ca2da053ea6ff8a163d0ffc

  • SHA1

    89bd5cd7aea44e9c541989e52e8cd96ea1a86995

  • SHA256

    5b3608494e90c680fbb1c82ca2d97ee6b92f0c35faed96d13a550f709c53a6b5

  • SHA512

    71296e277d5055bdda1b6ebafed375bb4a8a7471133b3982a7f5fd6a305055a821a719272c2452a530ea6ca9e391c23df725e2b124c29c890a2dd4e0a9dcec52

  • SSDEEP

    3072:JH9nBf4SuEjAhmAMOc7kkkko1rkGuF3tBInxGGq5MyXJm9YBmjD3A2g8:JFVeEsjdXRC3jexGG67YWof3g8

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://danisasellers.com/6pEhRZwv/

exe.dropper

http://www.180daystohappy.com/b6GCxLobs/

exe.dropper

http://xn--yyc-jk4buiz50r.com/Wiv71RQ/

exe.dropper

http://syjingermei.xyz/QUEFUr/

exe.dropper

http://pchost-aeronet.hu/vtSmF1X/

Targets

    • Target

      6c127e044ca2da053ea6ff8a163d0ffc_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
