General

  • Target

    7ac3273214868b220de5132032b513bc_JaffaCakes118

  • Size

    98KB

  • Sample

    240527-2effmsdd96

  • MD5

    7ac3273214868b220de5132032b513bc

  • SHA1

    6a14f62881b6beb1f69876bcf248be80e7e4ca33

  • SHA256

    dfc59312335a9a72fbdb967b1afb74ba0c3a81d12850af39a695413f36d79635

  • SHA512

    12b5e98d1260a7d8ab458e26e926f83deec978bf88b3645dce2f2d2bd105fdf7f8b2c08b94cfa94eff5dcead64a2abcc1b7ee6b007c9620b702677715ea1b6bf

  • SSDEEP

    1536:ATxjwKZ09cB7y9ghN8+mQ90MT+++aKFU0KIFlPe:cxjnB29gb8onh8l2

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://fpeaces.net/NgFW6L

    exe.dropper  http://jxbaohusan.com/8RQXS

    exe.dropper  http://www.mega360.kiennhay.vn/wp-content/uploads/s2UFJ

    exe.dropper  http://micronet-solutions.com/LU9M74q

    exe.dropper  http://baute.org/X

Targets

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15