General

  • Target

    6e59941bb133f8fdf7e4636fc0835b2c_JaffaCakes118

  • Size

    86KB

  • Sample

    240524-nj7h2afa6y

  • MD5

    6e59941bb133f8fdf7e4636fc0835b2c

  • SHA1

    e9cc4f0c83b8740e0c6d2ce0fcfa07aafd06c7a2

  • SHA256

    2ceff48074eed6f444c100a20824f4341066bdfa049c71a52aa2f21ea22d1c47

  • SHA512

    a2ca1c2845bbc532118da27c4c7f8a6e712da2276e5d2789416494ab1eed885897e5625f274fd1179b12e1c8b1c035b18e71b0936061ca19ac988a0e43cb7e4f

  • SSDEEP

    1536:cptJlmrJpmxlRw99NBx3B37+aFg3v3S1H/HZFP9Ssuase1jS:8te2dw99fx3B3Fg3v3SxHPfl

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
