General

  • Target

    6e97d97714cc3162e7c483c529168096_JaffaCakes118

  • Size

    203KB

  • Sample

    240524-p7nlhaea2v

  • MD5

    6e97d97714cc3162e7c483c529168096

  • SHA1

    bd4784a406a171ca7135f7919ff021563b57f944

  • SHA256

    e6048063142cbf76836ff584dead136ed7724ed97ab066bb97d9811a8282a6d3

  • SHA512

    66bfccf3205f02815dbfb5bfc7d5cfee5e62f9fd369a22c2dacd0b7580c2dccf535a5fa184ae0d28f3a6c8c2cd70a620238b3b05ee851d6f0df2130597d931b4

  • SSDEEP

    3072:zte2dw99fVXcd7ThEDy+37bQbQnPjPA0fpt36Tr8MRJYwz/CF:BHdw7Vcd7T+/rUbOPTAGPqTRYwz/0

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://goldenyachts.customexposure.tech/wp-content/uploads/e
    http://omnigroupcapital.com/poVNoK
    http://marindofacility.co.id/zErEGbN
    http://icexpert.net/bMHUCW
    http://puuf.it/Cv4Y2
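The five exe.dropper URLs above are the actionable output of this report. The following is an added example, not part of the Triage report or the sample itself: it turns the extracted URLs into URL and hostname indicator sets, defangs them for write-ups, and sweeps a constructed Squid-style proxy log for hits. The log lines, client addresses and timestamps are made up for the example; only the URLs come from the report.

```python
# Added example, not part of the Triage report: turn the extracted
# exe.dropper URLs into matchable indicators and sweep proxy logs for them.
from urllib.parse import urlparse

# Dropper URLs copied from the report's Malware Config section.
DROPPER_URLS = [
    "http://goldenyachts.customexposure.tech/wp-content/uploads/e",
    "http://omnigroupcapital.com/poVNoK",
    "http://marindofacility.co.id/zErEGbN",
    "http://icexpert.net/bMHUCW",
    "http://puuf.it/Cv4Y2",
]


def indicators(urls):
    """Split dropper URLs into full-URL and hostname indicator sets.

    Hostnames get their own set because a compromised site is often reused
    with a different path; a hostname-only hit is still worth a look.
    """
    iocs = {"urls": set(), "hosts": set()}
    for u in urls:
        p = urlparse(u)
        if not p.hostname:
            raise ValueError(f"not a URL: {u!r}")
        iocs["urls"].add(u)
        iocs["hosts"].add(p.hostname.lower())
    return iocs


def defang(url):
    """Render hxxp://host[.]tld/path so the indicator cannot be clicked."""
    p = urlparse(url)
    scheme = p.scheme.replace("http", "hxxp")
    host = p.hostname.replace(".", "[.]")
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{host}{p.path}{query}"


def match_log(lines, iocs):
    """Return (client, url, reason) for proxy lines that hit an indicator.

    Expected line shape (constructed, Squid-like): epoch client method url status.
    A full-URL match is reported as "url", a hostname-only match as "host".
    """
    hits = []
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than abort the sweep
        client, url = parts[1], parts[3]
        host = (urlparse(url).hostname or "").lower()
        if url in iocs["urls"]:
            hits.append((client, url, "url"))
        elif host in iocs["hosts"]:
            hits.append((client, url, "host"))
    return hits


# Constructed proxy log for the example; clients and times are invented.
SAMPLE_LOG = """\
1716549001.123 10.0.0.15 GET http://www.example.com/index.html 200
1716549002.456 10.0.0.15 GET http://omnigroupcapital.com/poVNoK 200
1716549003.789 10.0.0.22 GET http://puuf.it/Cv4Y2 404
1716549004.012 10.0.0.22 GET http://icexpert.net/favicon.ico 200
garbage line
"""

if __name__ == "__main__":
    iocs = indicators(DROPPER_URLS)
    for u in sorted(iocs["urls"]):
        print(defang(u))
    for hit in match_log(SAMPLE_LOG, iocs):
        print(hit)
```

Droppers of this kind try their URLs in turn until one download succeeds, so a single hit on any of the five hosts is a meaningful match; do not require all of them to appear.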

Targets

    • Target

      6e97d97714cc3162e7c483c529168096_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
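The three signatures above describe one chain: an Office parent spawning a command interpreter, an obfuscated cmd.exe command line, and a script host making a network request. The following is an added example, not part of the Triage report, showing how each signature can be expressed as a check over Sysmon-style process-create (Event ID 1) and network-connect (Event ID 3) telemetry. The events, paths and command lines are constructed to illustrate the technique classes; they are not the real command lines of this sample, which the report does not show.

```python
# Added example, not part of the Triage report: recreate the report's three
# signatures as checks over constructed Sysmon-style telemetry.
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Interpreters Office should never spawn and that should not reach the network on their own.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "certutil.exe", "bitsadmin.exe", "regsvr32.exe", "rundll32.exe"}

# Constructed events (eid 1 = process create, eid 3 = network connect).
# Command lines are illustrative, not taken from the sample.
EVENTS = [
    {"eid": 1, "pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"eid": 1, "pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": r'"WINWORD.EXE" /n "C:\Users\u\Downloads\invoice.doc"'},
    {"eid": 1, "pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"eid": 1, "pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"eid": 3, "pid": 400, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest": "omnigroupcapital.com", "dport": 80},
    {"eid": 1, "pid": 500, "ppid": 100, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": "chrome.exe"},
    {"eid": 3, "pid": 500, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest": "www.example.com", "dport": 443},
]


def image_name(path):
    # ntpath handles Windows separators regardless of the host OS.
    return ntpath.basename(path).lower()


def build_tree(events):
    """pid -> process-create event, for ancestry walks."""
    return {e["pid"]: e for e in events if e["eid"] == 1}


def office_ancestor(pid, procs):
    """Return the pid of the nearest Office ancestor of pid, or None."""
    seen = set()
    cur = procs.get(pid)
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])  # guard against pid reuse loops in real telemetry
        parent = procs.get(cur["ppid"])
        if parent is None:
            return None
        if image_name(parent["image"]) in OFFICE:
            return parent["pid"]
        cur = parent
    return None


def obfuscation_indicators(cmd):
    """Cheap, explainable obfuscation tells; each hit is a reason string."""
    reasons = []
    if cmd.count("^") >= 3:  # cmd.exe escape characters inserted into a word
        reasons.append("caret")
    if re.search(r"(?i)-w(?:indowstyle)?\s+hidden", cmd):
        reasons.append("hidden_window")
    # -e/-en/-enc/-ec/-EncodedCommand followed by a base64 blob
    if re.search(r"(?i)(?<!\S)-e(?:c|n|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", cmd):
        reasons.append("encoded_command")
    return reasons


def detect(events):
    """Return (pid, signature, detail) tuples for the report's three signatures."""
    procs = build_tree(events)
    findings = []
    for e in events:
        name = image_name(e["image"])
        if e["eid"] == 1:
            parent = procs.get(e["ppid"])
            if parent and image_name(parent["image"]) in OFFICE and name in SCRIPT_HOSTS:
                findings.append((e["pid"], "Process spawned unexpected child process",
                                 f"{image_name(parent['image'])} -> {name}"))
            if name in {"cmd.exe", "powershell.exe"}:
                reasons = obfuscation_indicators(e["cmd"])
                if reasons:
                    findings.append((e["pid"], "Obfuscated command-line", ",".join(reasons)))
        elif e["eid"] == 3 and name in SCRIPT_HOSTS:
            anc = office_ancestor(e["pid"], procs)
            detail = f"{name} -> {e['dest']}:{e['dport']}"
            if anc is not None:
                detail += f" (under Office pid {anc})"
            findings.append((e["pid"], "Blocklisted process makes network request", detail))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
```

The parent check only fires on the direct Office child (cmd.exe here), which is why the ancestry walk is kept separate: it lets the network-request finding on the grandchild powershell.exe still be tied back to the Word process that started the chain.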

MITRE ATT&CK Enterprise v15

Tasks