General

  • Target

    75d3ff328363980d85c64a0369b836e5_JaffaCakes118

  • Size

    86KB

  • Sample

    240526-r5t2lsaa4z

  • MD5

    75d3ff328363980d85c64a0369b836e5

  • SHA1

    e81816f47bae292f17fd2e71c9cc72fe66a68b36

  • SHA256

    f85a1ea511b36d6936de839b0f7e4fc1437497f066aae90c301ce6cb0f191ce7

  • SHA512

    c91b9c458ac449b1bcc1510d4d36154ccf34087461a17fed01eded3c6f9db6363013e0c170eb3781087951290547ac4d38e26484ad7e1653a50d5c4f2c75ace9

  • SSDEEP

    1536:optJlmrJpmxlRw99NBi+a3YCXd9o9eMsMm8RV:wte2dw99fGdy9eMsq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://www.lt3.com.br/4P
    exe.dropper  http://licanten.tk/Tgpc38X
    exe.dropper  http://www.cainfirley.com/xzd8um
    exe.dropper  http://www.kanarya.com.tr/SU
    exe.dropper  http://www.goldschmittestans.ch/wtqNM

Targets

    • Target

      75d3ff328363980d85c64a0369b836e5_JaffaCakes118

    • Size

      86KB

    • MD5

      75d3ff328363980d85c64a0369b836e5

    • SHA1

      e81816f47bae292f17fd2e71c9cc72fe66a68b36

    • SHA256

      f85a1ea511b36d6936de839b0f7e4fc1437497f066aae90c301ce6cb0f191ce7

    • SHA512

      c91b9c458ac449b1bcc1510d4d36154ccf34087461a17fed01eded3c6f9db6363013e0c170eb3781087951290547ac4d38e26484ad7e1653a50d5c4f2c75ace9

    • SSDEEP

      1536:optJlmrJpmxlRw99NBi+a3YCXd9o9eMsMm8RV:wte2dw99fGdy9eMsq

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks