General

  • Target

    7ad0b4306a1be84bfcf2d7796025cdce_JaffaCakes118

  • Size

    265KB

  • Sample

    240527-2ry4hsea73

  • MD5

    7ad0b4306a1be84bfcf2d7796025cdce

  • SHA1

    642aaaaabb19351d3cae740ced6430a81ba9ff98

  • SHA256

    cb7fed639a8ea9b95fa1af6d317298a58346d67afd56a281d8ac0ab7196b1e61

  • SHA512

    0936b28252f029ccd7cef4de2539fbd5ae1ef42735d07979d138aed7f2e30c5dfbcd2cd6c6197bd74f0b73bcb63ce47aa39897815c68556ebf5513d79d3dbe0c

  • SSDEEP

    3072:7khgqkhgACSQKaSx+SbtYqS4fvS7GQRbSVuz1QzC9klhxztsZ5QPwYPy+SrvFUBU:7CwQK3RpVS7G4SVuz1QzLhxztsZGPwt

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Target

      7ad0b4306a1be84bfcf2d7796025cdce_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
