General

  • Target

    6faf33dcd2aebb8a38e44ee3138db09e_JaffaCakes118

  • Size

    81KB

  • Sample

    240524-ysgzvahf53

  • MD5

    6faf33dcd2aebb8a38e44ee3138db09e

  • SHA1

    1fca477369ffd062b71df6f1d5dafb2a106c820e

  • SHA256

    e6349ffaa8b50d88fbad3ad09d8363533b30af9eec2fcfef81577daa9be850db

  • SHA512

    0b54a3034b344e2fce15423d72f964f94fc86c1887076baf6fcd16e228583825bce888d4ce3327f6915a1f18c192fb556ebbfd03bf6c8cf1972040c78e6cad7f

  • SSDEEP

    768:h////gpJcaUitGAlmrJpmxlzC+w99NBx+1oU7eD1OEzNqP6g9N5gMa+rEopSSI6G:SptJlmrJpmxlRw99NBx+aU7ezK6YafU

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://dtpco.com/vQcOsD

    http://planet-makina.com/mm77h

    http://www.ultigamer.com/wp-admin/includes/pJ0N8k

    http://alyciawells.com/80eCFJL

    http://bigrighosting.com/KO

Targets

    • Target

      6faf33dcd2aebb8a38e44ee3138db09e_JaffaCakes118

    • Size

      81KB

    • MD5

      6faf33dcd2aebb8a38e44ee3138db09e

    • SHA1

      1fca477369ffd062b71df6f1d5dafb2a106c820e

    • SHA256

      e6349ffaa8b50d88fbad3ad09d8363533b30af9eec2fcfef81577daa9be850db

    • SHA512

      0b54a3034b344e2fce15423d72f964f94fc86c1887076baf6fcd16e228583825bce888d4ce3327f6915a1f18c192fb556ebbfd03bf6c8cf1972040c78e6cad7f

    • SSDEEP

      768:h////gpJcaUitGAlmrJpmxlzC+w99NBx+1oU7eD1OEzNqP6g9N5gMa+rEopSSI6G:SptJlmrJpmxlRw99NBx+aU7ezK6YafU

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks