General

  • Target

    76afd0a2a8c1c15b23e5e622ad3892b5_JaffaCakes118

  • Size

    91KB

  • Sample

    240526-yyy6babd87

  • MD5

    76afd0a2a8c1c15b23e5e622ad3892b5

  • SHA1

    ffba79d84b4a28deadf73ec1e5ac8e3dfc16c914

  • SHA256

    d3183d7f6a1f23ea1b44a311197f948ddf6a67317ffbb9c2280dcf934e96dc19

  • SHA512

    46907c4a01f8e0dbd87260eb611aed8c51bba72f65a6b196ea8c07950152849eb5457dfe1b2a30552cc5a0edabb28ac87f08164040fb9961e25321e17645a90a

  • SSDEEP

    768:+186Vj4AmvMkHcLoY8GYbe+1oJBjzAkkvJfYRddD4e878BVa99llZeKTGFv56qL:+1r4AsTHcjZke+aJx9aMP878SQRF56E

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper
    http://boyramos.dags.us/license/zzout.exe

    exe.dropper
    http://flourishfragrance.in/wp-content/uploads/zzout.exe

Targets

    • Target

      76afd0a2a8c1c15b23e5e622ad3892b5_JaffaCakes118

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks