General
-
Target
6e0aa688b2397cd77486f3c06e5dae3e_JaffaCakes118
-
Size
177KB
-
Sample
240524-le7l5ace89
-
MD5
6e0aa688b2397cd77486f3c06e5dae3e
-
SHA1
7310a01861fa8811d5902dc8bc6c03937299c4ea
-
SHA256
4ab72d91d0e85daec3f451ceb24b75e35a698aec75707fa853f10d780396df0d
-
SHA512
67c95e43173caa012dee43bd7effc58cd29b160a2357fe570dbda90e6eea1bcc866ce50072ac985080746df6e3c76295574dcdc997abf0e1e5fdf96369b71d73
-
SSDEEP
1536:13m48W5lrXcuYd0dGtgu8LoSRNHzz4lg8nV4b7Y7Dt5W9GvMQ/9iAl1a3kO+a9NW:44PrXcuQuvpzm4bkiaMQgAlSc+aKmw0/
Behavioral task
behavioral1
Sample
6e0aa688b2397cd77486f3c06e5dae3e_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6e0aa688b2397cd77486f3c06e5dae3e_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-