General

  • Target

    7654136337e8ec5731367d13b9521e38_JaffaCakes118

  • Size

    44KB

  • Sample

    240526-wktmkaef9s

  • MD5

    7654136337e8ec5731367d13b9521e38

  • SHA1

    2e362a6437de31994deb26e27b018789227d34fe

  • SHA256

    b228ba531b47be002dcaec2ce218fbd310cfe235b6458690161a7a256bf1eec9

  • SHA512

    15dfd87cdf1e9b28bf06fb3750e3902561ac643ee25a268522b0e566675d8b3b5ca7e8f96ff299fe2b91f11e340ec220d7e2f849dd5d0069ef6e67482b1f3432

  • SSDEEP

    384:wca8iSUR/8dAUqNLi08kr8uHzQjbuMZZzkExygcPEdEsKhb2YOPygAP0jDat6:+/qLaLiEObZZ19yhEd6yPJeU

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: http://54.244.182.87:80

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks