General

  • Target

    6f60215f1027677eb4ded4f781a7a7fd_JaffaCakes118

  • Size

    185KB

  • Sample

    240524-wl2pkaed98

  • MD5

    6f60215f1027677eb4ded4f781a7a7fd

  • SHA1

    befb11e6d537c08d3d4c51ca340d839bd678460c

  • SHA256

    e7d8a8739fd0c8f1fd0d6ce223da95ba91b04ec2b33b8383efa08c3218065aaf

  • SHA512

    91926bb56a38a0c16cbc0df65a08fbd125366f87197f408e7555f052896bd354fce9e019cef3b6500e4dec842c76b8e17f1acf114ccaf3cdf96c925eaebe2670

  • SSDEEP

    3072:8te2dw99fQYgfdTzL7+H56oukSzk6sNMlCs7WSd9+lDRWMYIi5VlCIAxf5Je9x3z:oHdw7eTzL7+HI3bY6sNM994Kp3Rx

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (type: exe.dropper)

    http://peekaboorevue.com/0B5WOLOKFg
    http://atgmail.net/Jj6SClPro
    http://krever.jp/njwxGImMd
    http://gabrielamenna.com/RLDjDvQJw
    http://desnmsp.com/oEdTUUscJA

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15