General
Target: 7833a2b1b69f26bf8186fb4d724d091d_JaffaCakes118
Size: 195KB
Sample: 240527-g8ee8aba4x
MD5: 7833a2b1b69f26bf8186fb4d724d091d
SHA1: 262ff4114616b1876470e5c9009f6b62b73df29c
SHA256: f56906e33a9a9bd3b074b3b5c24c2e98ba58817c4c61452977054f27d0d9312d
SHA512: c6f9c11505cbd9a125acc49fc8bfb62e81cda0c5777c1f7396aed4ada37cf7fac64d7903d5edeaf0f788d2cec4be6bf5a31960952544f90da29003d7904b7e5f
SSDEEP: 1536:2rdi1Ir77zOH98Wj2gpngh+a9Jwul8oPhEPmRl6VOF4p:2rfrzOH98ipgVwul8uWP+l6VOF4p
Behavioral task: behavioral1
Sample: 7833a2b1b69f26bf8186fb4d724d091d_JaffaCakes118.doc
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 7833a2b1b69f26bf8186fb4d724d091d_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 7833a2b1b69f26bf8186fb4d724d091d_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Drops file in System32 directory