General

  • Target

    7695ff26225be6321f38df07569dd4eb_JaffaCakes118

  • Size

    128KB

  • Sample

    240526-yaglcshc8t

  • MD5

    7695ff26225be6321f38df07569dd4eb

  • SHA1

    c16661c7d5e78ac8dd248e68cad42b82e4c4d32f

  • SHA256

    a666f9160bda0dc5c736acd1f0c9332b5f8ddcdf738397f430208b78e9f01ca9

  • SHA512

    33f9db0cfa0b6acd69b82033ca093da139db68766c9bcd579556290bc653dfe9c8ecf6ffc38c54e978de3cc60c977ccd13352c1424525579addc26e58fe5b069

  • SSDEEP

    1536:7ptJlmrJpmxlRw99NBD+aEdV2ABDrtGcONzhSTSriGcNdrBgZI916TJaQ91:Vte2dw99fQ96AxGcdgE16r

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://jobarba.com/wp-content/dstf6

    http://lightbox.lbdev.co.uk/WHl239

    http://challengerballtournament.com/5Evo

    http://thepresentationstage.com/V5mXOIOH

    http://demo.58insaat.com/tuGN6FS

Targets

    • Target

      7695ff26225be6321f38df07569dd4eb_JaffaCakes118

    • Size

      128KB

    • MD5

      7695ff26225be6321f38df07569dd4eb

    • SHA1

      c16661c7d5e78ac8dd248e68cad42b82e4c4d32f

    • SHA256

      a666f9160bda0dc5c736acd1f0c9332b5f8ddcdf738397f430208b78e9f01ca9

    • SHA512

      33f9db0cfa0b6acd69b82033ca093da139db68766c9bcd579556290bc653dfe9c8ecf6ffc38c54e978de3cc60c977ccd13352c1424525579addc26e58fe5b069

    • SSDEEP

      1536:7ptJlmrJpmxlRw99NBD+aEdV2ABDrtGcONzhSTSriGcNdrBgZI916TJaQ91:Vte2dw99fQ96AxGcdgE16r

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks