General

  • Target

    6e63719f216a5e020374767847ce4736_JaffaCakes118

  • Size

    82KB

  • Sample

    240524-nvyehafg95

  • MD5

    6e63719f216a5e020374767847ce4736

  • SHA1

    8c418a36f2793cac56e8d6ec78449b05d18dcb6a

  • SHA256

    986f18dad8d816cc3afc78251b720e3f9dcaf758e71cfc0ce8f6378309a578f9

  • SHA512

    86bf04bc7eb4e1813bc0127217068ef12dea7c16b5767603df5fd318fcc5f1c335c1313bdf866edceab8c444d2a9fdda44319dc493c352afbe8ea46000fe8ed2

  • SSDEEP

    1536:hptJlmrJpmxlRw99NBRC+aTmLIQ+FOd7Dz4q:/te2dw99fl+FOd3zL

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://docecreativo.com/dm

exe.dropper

http://cunisoft.com/O

exe.dropper

http://artzkaypharmacy.com.au/BlK0k0

exe.dropper

http://askaconvict.com/KYKuG

exe.dropper

http://atuare.com.br/ef

Targets

    • Target

      6e63719f216a5e020374767847ce4736_JaffaCakes118

    • Size

      82KB

    • MD5

      6e63719f216a5e020374767847ce4736

    • SHA1

      8c418a36f2793cac56e8d6ec78449b05d18dcb6a

    • SHA256

      986f18dad8d816cc3afc78251b720e3f9dcaf758e71cfc0ce8f6378309a578f9

    • SHA512

      86bf04bc7eb4e1813bc0127217068ef12dea7c16b5767603df5fd318fcc5f1c335c1313bdf866edceab8c444d2a9fdda44319dc493c352afbe8ea46000fe8ed2

    • SSDEEP

      1536:hptJlmrJpmxlRw99NBRC+aTmLIQ+FOd7Dz4q:/te2dw99fl+FOd3zL

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks