General

  • Target

    6ec5e70ac1c7292ca46a18991bdff1bc_JaffaCakes118

  • Size

    119KB

  • Sample

    240524-rehkwsgg43

  • MD5

    6ec5e70ac1c7292ca46a18991bdff1bc

  • SHA1

    db8163e60e1931dee91628d1d48eaade1c067338

  • SHA256

    d24b8c467edd623fc8ef8196b51ae0a84cee4ecd312eea01ff29d84077a7fbf3

  • SHA512

    97d7064f9d3fd21989684dedc72bb6a3e61e52b3cefb534b37a22427fa3c8fd62c798425292fc1b33db82a7062e226f96ade560b73581b7c485f8e478f41add5

  • SSDEEP

    1536:7ptJlmrJpmxlRw99NBD+awxNtK/r851Hjmn6EXKLWNL+vbvpRwjUS:Vte2dw99fWNtaIfKn6vLWNYzm3

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://taksell.net/xRNgAeZ

exe.dropper

http://1conpo.ru/9V34u9Jnc

exe.dropper

http://stoobb.nl/zcw33VPGvy

exe.dropper

http://iptestlabs.com/cabOsum7

exe.dropper

http://tools.burovik.com/rLToLrXoL

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
