General

  • Target

    76f4e1d213610b394ab757b416a975f7_JaffaCakes118

  • Size

    71KB

  • Sample

    240526-14t5nadh6w

  • MD5

    76f4e1d213610b394ab757b416a975f7

  • SHA1

    b6e2a8c61598b78abce3795397ae8426ea82d58e

  • SHA256

    85f1cec376723655d5d616ed12c3d379d29c5e6a6f4067e0f3c1bb7e17353073

  • SHA512

    e643df99d4fa7aa39b08ffde43c3b1edbae9f6555d9aa27f81113879814f6509d82e179ef68198588d4a4e62466ed88a7bb81fc407901b568a140aea33b8182c

  • SSDEEP

    768:4pJcaUitGAlmrJpmxlzC+w99NBN+1oWiEnf+W1Efo44/+7szlDsB8L:4ptJlmrJpmxlRw99NBN+aW717mAa

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://frayd.com/KccPtp
    http://empiresys.com.sg/Zpa5Q70H
    http://eldridgelondon.com/nubOyShJ
    http://iclebyte.com/oWT
    http://kerasova-photo.ru/Yuv

Targets

    • Target

      76f4e1d213610b394ab757b416a975f7_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Obfuscated cmd.exe command-line

      An obfuscated cmd.exe command-line is typically used to evade detection.
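The three signatures above, turned into detection logic and run over a constructed process/network event stream: an Office parent launching a script host, a caret-obfuscated cmd.exe command line, and the script host contacting one of the dropper hosts from the extracted config. This is an added example, not the sandbox's own signature code; the event records, the Office-parent and script-host lists, and the caret/substring heuristic for "obfuscated" are assumptions, loosely modelled on Sysmon process-creation and network-connection events.

```python
"""Rule-based triage of a process/network event stream for the three
behaviours this report flags.  Added example, not the sandbox's signature
code.  Event records are constructed (assumption: Sysmon-like fields)."""
from urllib.parse import urlparse

# Dropper URLs from the Extracted config of this report.
DROPPER_URLS = [
    "http://frayd.com/KccPtp",
    "http://empiresys.com.sg/Zpa5Q70H",
    "http://eldridgelondon.com/nubOyShJ",
    "http://iclebyte.com/oWT",
    "http://kerasova-photo.ru/Yuv",
]
DROPPER_HOSTS = {urlparse(u).hostname.lower() for u in DROPPER_URLS}

# Parents that should not be launching script hosts, and the script hosts the
# "blocklisted process" signature is concerned with (assumed lists).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed events: a Word document spawns cmd.exe with a caret-obfuscated
# command line, which starts PowerShell, which connects to the first dropper
# host.  A browser connection is included as a benign control.
EVENTS = [
    {"type": "process", "pid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "WINWORD.EXE /n invoice.doc"},
    {"type": "process", "pid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": "cmd /c ^p^o^w^e^r^s^h^e^l^l -NoP -e SQBFAFgA"},
    {"type": "process", "pid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe", "cmdline": "powershell -NoP -e SQBFAFgA"},
    {"type": "network", "pid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "frayd.com", "dest_port": 80},
    {"type": "network", "pid": 400, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "example.org", "dest_port": 443},
]


def basename(path):
    """Case-folded file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_obfuscated_cmd(cmdline):
    """Heuristic (assumption): several cmd.exe escape carets, or %var:~n,m%
    substring expansion, indicate a deliberately obfuscated command line."""
    return cmdline.count("^") >= 3 or ":~" in cmdline


def detect(events):
    """Return (rule, image, detail, pid) tuples for every event that fires a rule."""
    alerts = []
    for e in events:
        image = basename(e["image"])
        if e["type"] == "process":
            parent = basename(e["parent_image"])
            if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
                alerts.append(("unexpected_child_process", image, parent, e["pid"]))
            if image == "cmd.exe" and is_obfuscated_cmd(e["cmdline"]):
                alerts.append(("obfuscated_cmdline", image, e["cmdline"], e["pid"]))
        elif e["type"] == "network":
            host = e["dest_host"].lower()
            if image in SCRIPT_HOSTS:
                alerts.append(("blocklisted_process_network", image, host, e["pid"]))
            if host in DROPPER_HOSTS:
                alerts.append(("dropper_host_contact", image, host, e["pid"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

On the constructed stream this fires four alerts: the Word-to-cmd.exe spawn, the caret-obfuscated command line, the PowerShell network request, and the match on frayd.com; the Chrome connection fires nothing. The host match is the cheapest rule to deploy from this report (feed DROPPER_HOSTS into a DNS or proxy blocklist), while the parent/child rule is the one that survives the next rotation of URLs.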

MITRE ATT&CK Enterprise v15