General

  • Target

    7825e99149a8757b387be949c1345fd1_JaffaCakes118

  • Size

    86KB

  • Sample

    240527-gvqlbsae7t

  • MD5

    7825e99149a8757b387be949c1345fd1

  • SHA1

    0f0cc660d9f39edf758d43b139cc6b368240c721

  • SHA256

    9f1ae857de12b8d37728ebacda50b5233e2b6bee30be539f1403fe603a36c1ac

  • SHA512

    9f8dc9ffb2c131a61d2b0b327e84280b16686450b6669f58c974941a9404489429d4d2cd33df921b7242624aaea3dfad525122704cdbd650579fc9bfd7c5263b

  • SSDEEP

    1536:VptJlmrJpmxlRw99NBE+aGC3CDp1n+xYpKY:rte2dw99fE3mbn+2pZ

Score
10/10

Malware Config

  • Extracted

    Language: ps1

    Deobfuscated

    URLs (exe.dropper):

      http://alpharockgroup.com/HT
      http://adminflex.dk/l5TF6w
      http://gailong.net/X5AyWfJG
      http://shunji.org/logsite/TJaaB
      http://binar48.ru/OtTlVIU5

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
