General

  • Target

    783c166ff248f55e3c6e1999534971b8_JaffaCakes118

  • Size

    131KB

  • Sample

    240527-hgpbsabd3v

  • MD5

    783c166ff248f55e3c6e1999534971b8

  • SHA1

    5b95afdc48caf1c7c0613c7c035de87ecf265c46

  • SHA256

    7c725376d061a6d5bc19a539b28a1ca9bede3abc3e889f58a7c3d3880b81bfe2

  • SHA512

    40866374a7c27175182f022ada567841e71b390ddf344948214ba48a2734a5176629d3182687b956429b71f9e82732304478053dc3cf27f1050332d76ae8fe3b

  • SSDEEP

    1536:tptJlmrJpmxlRw99NBk+aobJLg06G/sLX28/M4VUcTStEVZppeODa7ssaL:zte2dw99f6rt/MuUcxZpra7la

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://compactdmc.com/pBndq2bo

exe.dropper

http://psakpk.com/VXpBqwFuP7

exe.dropper

http://gorkembaba.xyz/7iOPTHf

exe.dropper

http://vivavidakardec.org/uqhD3JLKiG

exe.dropper

http://profsouz55.ru/6hSSkB3I

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
