General

  • Target: 778c5d5e85efd57ca0a523d2916c307e_JaffaCakes118
  • Size: 99KB
  • Sample: 240527-cglb8sdc87
  • MD5: 778c5d5e85efd57ca0a523d2916c307e
  • SHA1: 5a3a5f5b9cb1591fbf095f1a8d81b69cea187116
  • SHA256: 0c8e5f99164c98aa82268066f1e296bb3f69bf87724d9021c1e83692495b9df8
  • SHA512: 0d24cfca44cd5a68f5d5b05fc421c4dd6b6cda7447f49d23131e8592e0a1d6aec547fcbd543b77a66105993f534572d33514fd0cdaf8ca8f0ae2e6292ff3a5c6
  • SSDEEP: 1536:eTxjwKZ09cB7y9ghN8+mQ90MTx+aDybugB2UKXe:mxjnB29gb8ongbugYDX

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs:
      exe.dropper  http://melissakiss.com/AnSxI
      exe.dropper  http://fratis.ru/oA
      exe.dropper  http://friosolar.cl/C2
      exe.dropper  http://casa.lk/vqVcOOOk
      exe.dropper  http://divarplus.com/VBy

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
