General

  • Target

    701986a5898c8d53a7add9e618c090d2_JaffaCakes118

  • Size

    91KB

  • Sample

    240524-242eeaeg27

  • MD5

    701986a5898c8d53a7add9e618c090d2

  • SHA1

    32b3aacebad94dd60ee7a24239325fd05e6bdb7c

  • SHA256

    e92d13ee8aedcd055189f7a7327d5276e4391c19bc9d6170870a835f8bb70919

  • SHA512

    583c173dca8167db4edc20104656d30ad8a7140e06c109a20a58d2f9d17d1456422d08bc2aa866fed5f4a432e0a8df1227624466423efcc285e596e9efd68d22

  • SSDEEP

    1536:eTxjwKZ09cB7y9ghN8+mQ90MTG+axNnyS1r94q:mxjnB29gb8onsFc

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (type: exe.dropper)

    http://frankbruk.pl/2c41pAl
    http://barocatch.com/uGXYU6
    http://feitosaefujita.adv.br/MVgPzBH
    http://knappe.pl/9Sq
    http://sharjahas.com/FSpr1b

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15

Tasks