General

  • Target

    78063135adeef253b0e6ed3527934d52_JaffaCakes118

  • Size

    267KB

  • Sample

    240527-fzbgjahd4s

  • MD5

    78063135adeef253b0e6ed3527934d52

  • SHA1

    d7a7cdd73da191340ebe587b91f1ec181eaf847d

  • SHA256

    56cebaad888a13e71845249376ca9d4c4b697d2058eac1713c4d07840d320623

  • SHA512

    f9f0a6804353fe050aff6f1e97dcd2784c2ffd54f3e38fb65fdd3a5d8d24932da62574b70e743e9525ad41698b209065e72f29ed26626adcbb140479046defdb

  • SSDEEP

    3072:w0gPv0gPqJDRqHgIhqRQfMS7G4UB4IsspevHfXgvoUXIakRdIvNMpiz6xPOSrSE:opqhRqHg/aN7GjsspevHf8fkklTzG

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://ishqekamil.com/ciY34zeKn3d

exe.dropper

http://cvlancer.com/CWvd8iMnLfj9C

exe.dropper

http://aucklandluxuryrealestatelistings.com/pHXewgm3qzll_3L

exe.dropper

http://nosomosgenios.com/cCZThGY1_wVKtkj23V

exe.dropper

http://2647403-1.web-hosting.es/blMc65Xgegv_YFDyjpRH

Targets

    • Target

      78063135adeef253b0e6ed3527934d52_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
