General

  • Target

    6cce3844ae7ae9cc8da0c5a2bd2842bc_JaffaCakes118

  • Size

    121KB

  • Sample

    240524-ayx19afa77

  • MD5

    6cce3844ae7ae9cc8da0c5a2bd2842bc

  • SHA1

    41f165a10fd171f95b1ed658430a60a70bef54d2

  • SHA256

    dad8170988a315cb1ec7522c6b096f5ec9d96843daab4c086471f7d68f5a3362

  • SHA512

    75575407d61926758b3a2c864fe3005d4ad482e3e78d240b3dc0f676e7aa2f4ea53a581365f86078348c9cee7017f01b5dec15214f45982b09f0da114dd509ea

  • SSDEEP

    3072:fte2dw99f/WinAm4A1qWQqy0cElDhCyw:VHdw7/WiAhqIY1w

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://tact-yl.fr/HqnEMKw

exe.dropper

http://www.premierpilawyers.com/043FVGKyE

exe.dropper

http://costaricanmedicaltours.com/2TIq6N0kS

exe.dropper

http://benthanhdorm.com/LIOZPBnu

exe.dropper

http://www.bogorterkini.com/NDmMxzL

Targets

    • Target

      6cce3844ae7ae9cc8da0c5a2bd2842bc_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
