General

  • Target

    6c1de392585fb27da0afa139434e582b_JaffaCakes118

  • Size

    267KB

  • Sample

    240523-yyscrseg57

  • MD5

    6c1de392585fb27da0afa139434e582b

  • SHA1

    6ab1db173242718d36486a77e73ca767a80e2a9d

  • SHA256

    39320fa990c0f894d9bc984429f4ce79c87c381b4c996fd25eea8dbb7fdf3a7b

  • SHA512

    a28b81a78792a3c5da2b6618c9b2182a2903f880e33027195f8d3085cda4896dae28f4c03922b1785d63751bfe90eb917cfd0748a7b7c998d229cff837648c5e

  • SSDEEP

    6144:YNCwQK3RpVS7G4SVuz1QzLhxztsZGPwv:IQQLGSVuz1QHhxztCv

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://mipec-city-view.com/q0Y2VCo4S8_8cQR8

exe.dropper

http://badkamer-sanitair.nl/OFwzfFgQr7yKGYd

exe.dropper

http://shlifovka.by/Iw2Rqxw58ji

exe.dropper

http://nightonline.ru/images/D1aSg48AcN

exe.dropper

http://bestservis161.ru/wp-snapshots/XDFTbeO6ID9N_BNKk

Targets

    • Target

      6c1de392585fb27da0afa139434e582b_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
