General

  • Target

    6eaa4adf86b4668c5071ed50f2fd6ecb_JaffaCakes118

  • Size

    168KB

  • Sample

    240524-qp417sfg88

  • MD5

    6eaa4adf86b4668c5071ed50f2fd6ecb

  • SHA1

    9f59f6df928466a116a6b90a0dede22ae2898dfb

  • SHA256

    23f1b03ee66fb8dd1a515afd7adeb8f85b260ef5e20a7d80ad1697865f59f794

  • SHA512

    d4577e2b54c51f121bd7d5140ac49dcf29b58ecd7266b598d8875d7a2e71347c45e9240d3e74c9c2149c15207045c63a3a9dcf847f13dcdbecdc4b7c5f2be258

  • SSDEEP

    3072:vxjnB29gb8on9giSXmh2TNc4aZxmHApw2:vxyUgxXggoZggpw2

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (each tagged exe.dropper, i.e. a download location for the next-stage executable):

    http://snowdoll.net/UAT
    http://lavoroproducoes.com.br/4K8ok8g
    http://ecojusticepress.com/lRmU2Jt
    http://cm2.com.br/M
    http://craftww.pl//BidC

The double slash in the last URL is reproduced exactly as extracted; do not "correct" it when turning these into indicators, since the dropper requests the path as written. Hosts in lists like this are typically compromised legitimate sites rather than attacker-registered domains, so block or hunt on the full URL, not only the hostname, and expect the payload to have been removed from the host by the time of any re-analysis.

Targets

    • Target

      6eaa4adf86b4668c5071ed50f2fd6ecb_JaffaCakes118

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. The report does not name the parent; for a PowerShell dropper delivered by document, the parent is usually an Office application and the child is powershell.exe.

    • Blocklisted process makes network request

      Consistent with the spawned interpreter fetching its next stage from one of the exe.dropper URLs listed under Malware Config.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

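The two behaviours flagged above (an Office process spawning PowerShell, and that process contacting one of the extracted dropper hosts) are straightforward to hunt for in endpoint telemetry. The following is an added example, not part of the sandbox report: it takes the exe.dropper URLs exactly as extracted, derives hostnames and defanged indicators from them, and runs simple detection logic over constructed process-creation and DNS-query records. The record layout (EventID, Image, ParentImage, CommandLine, QueryName) is an assumption loosely modelled on Sysmon event IDs 1 and 22, and the sample events are constructed, not captured from this sample.

```python
"""Hunt for Office -> PowerShell spawns and DNS lookups of the dropper hosts.

Added example, not the report's own output. Log records are constructed and
the field names are an assumption (Sysmon-like), not a vendor schema.
"""
from urllib.parse import urlsplit

# URLs exactly as extracted in the report's Malware Config section.
DROPPER_URLS = [
    "http://snowdoll.net/UAT",
    "http://lavoroproducoes.com.br/4K8ok8g",
    "http://ecojusticepress.com/lRmU2Jt",
    "http://cm2.com.br/M",
    "http://craftww.pl//BidC",
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe",
                   "wscript.exe", "cscript.exe", "mshta.exe"}


def dropper_hosts(urls):
    """Lower-cased hostnames from the dropper URL list, for DNS/proxy matching."""
    return {urlsplit(u).hostname.lower() for u in urls}


def defang(url):
    """Render a URL so it cannot be clicked when pasted into a ticket."""
    return url.replace("http", "hxxp").replace(".", "[.]")


def basename(path):
    """Last path component of a Windows image path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def flag_process_create(event):
    """Mirror 'Process spawned unexpected child process' for Office -> interpreter."""
    parent = basename(event["ParentImage"])
    child = basename(event["Image"])
    if parent in OFFICE_PARENTS and child in SCRIPT_CHILDREN:
        return f"office parent {parent} spawned {child}: {event['CommandLine']}"
    return None


def flag_dns(event, hosts):
    """Mirror 'Blocklisted process makes network request' using the extracted hosts."""
    query = event["QueryName"].lower()
    if query in hosts:
        return f"{basename(event['Image'])} resolved dropper host {query.replace('.', '[.]')}"
    return None


def hunt(events, urls=DROPPER_URLS):
    """Return a list of human-readable hits for the supplied events."""
    hosts = dropper_hosts(urls)
    hits = []
    for ev in events:
        if ev["EventID"] == 1:          # process create
            hit = flag_process_create(ev)
        elif ev["EventID"] == 22:       # DNS query
            hit = flag_dns(ev, hosts)
        else:
            hit = None
        if hit:
            hits.append(hit)
    return hits


# Constructed sample telemetry (not taken from the report). The encoded
# command "SQBFAFgA" is just "IEX" in UTF-16LE base64, used as a stand-in.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc SQBFAFgA"},
    {"EventID": 1,                      # benign: explorer launching a script
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -File C:\\scripts\\backup.ps1"},
    {"EventID": 22,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "QueryName": "snowdoll.net"},
    {"EventID": 22,                     # benign: browser lookup
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "example.com"},
]

if __name__ == "__main__":
    for url in DROPPER_URLS:
        print("IOC:", defang(url))
    for hit in hunt(SAMPLE_EVENTS):
        print("HIT:", hit)
```

Matching on hostname only is a deliberately loose first pass; for blocking, use the full URL (path included) from the config, since the hosts are likely compromised legitimate sites that serve benign content on other paths.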
MITRE ATT&CK Enterprise v15

    • T1059.001 Command and Scripting Interpreter: PowerShell