General
-
Target
70837890e533e9fab55e951b6a6be639_JaffaCakes118
-
Size
188KB
-
Sample
240525-cexx9aag2v
-
MD5
70837890e533e9fab55e951b6a6be639
-
SHA1
fb7ff5be233ebb43acba473afcdaa21e09bdb59d
-
SHA256
39c83fd21ce730714e93e6bbe85f21770a761285c3fd1b2b2473e00644785e82
-
SHA512
4890b61c2702bef8ecebe7eedfb00d01bd75068650828eeb3119e299cb0ed60304843801c45163c1817dc2ba403bcd5a2857d27e1fda6979eebd81dc9939ac0e
-
SSDEEP
1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajn9:vrfrzOH98ipgBh5XY5
Malware Config
Extracted
http://dtyl.shop/wp-content/W68Nx/
https://star-speed.vip/wp-admin/U2jRIg/
https://cshub123.cn/wp-admin/Gajs/
https://viettellogistics.com.vn/wp-content/oS4/
http://cococat.se/wp-admin/2Oaf/
http://andresirjan.ir/wp-admin/JSH/
https://sptrade.com.br/wp-includes/iFZOvL/
Targets
-
-
Target
70837890e533e9fab55e951b6a6be639_JaffaCakes118
-
Size
188KB
-
MD5
70837890e533e9fab55e951b6a6be639
-
SHA1
fb7ff5be233ebb43acba473afcdaa21e09bdb59d
-
SHA256
39c83fd21ce730714e93e6bbe85f21770a761285c3fd1b2b2473e00644785e82
-
SHA512
4890b61c2702bef8ecebe7eedfb00d01bd75068650828eeb3119e299cb0ed60304843801c45163c1817dc2ba403bcd5a2857d27e1fda6979eebd81dc9939ac0e
-
SSDEEP
1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajn9:vrfrzOH98ipgBh5XY5
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-