General

  • Target

    78a1829c397cf9eca27335cd43eeb5fe_JaffaCakes118

  • Size

    164KB

  • Sample

    240527-k365tsef4y

  • MD5

    78a1829c397cf9eca27335cd43eeb5fe

  • SHA1

    de0fc464cbe48a922c50cfbc2c7d4989efd7a794

  • SHA256

    6d065101c82387e4d45dc8df1cd0f0c2ac088407908d4fed319a7ea10e9e17cc

  • SHA512

    4fcf148443c7e706c1703bbfcf1d8d822a8f29ee60897e043855eefae45ffd0ec92290764d2d998c4f859a6ef45cadd53004aaebe793b73da3ea5f8a87046d2e

  • SSDEEP

    3072:XxjnB29gb8onzbVWyZFlaA2Bq+hldUgZeVs2dJMly:XxyVyZStBvRUgZys2Il

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://baominhonline.com/EnM0X
    http://craquesdoradio.com.br/wp-includes/random_compat/aK
    http://csubiz.us/oeh
    http://ccoolmedia.com/P6fi1X6
    http://casellamoving.com/MPOK64SC

Targets

    • Target

      78a1829c397cf9eca27335cd43eeb5fe_JaffaCakes118

    • Size

      164KB

    • MD5

      78a1829c397cf9eca27335cd43eeb5fe

    • SHA1

      de0fc464cbe48a922c50cfbc2c7d4989efd7a794

    • SHA256

      6d065101c82387e4d45dc8df1cd0f0c2ac088407908d4fed319a7ea10e9e17cc

    • SHA512

      4fcf148443c7e706c1703bbfcf1d8d822a8f29ee60897e043855eefae45ffd0ec92290764d2d998c4f859a6ef45cadd53004aaebe793b73da3ea5f8a87046d2e

    • SSDEEP

      3072:XxjnB29gb8onzbVWyZFlaA2Bq+hldUgZeVs2dJMly:XxyVyZStBvRUgZys2Il

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
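As an added example (not part of the sandbox report), the five exe.dropper URLs from the extracted config are turned into host IOCs, and the three signatures above (Office parent spawning a script interpreter, a blocklisted host being resolved or contacted, PowerShell started with an encoded command) are run as detection logic over constructed Sysmon-style events. The event data, the parent/child image lists and the encoded-switch regex are assumptions; only the URLs come from the report.

```python
"""Hunt logic for the extracted PowerShell dropper config.
Added example; the telemetry below is constructed, not from the sandbox run."""
import re
from urllib.parse import urlparse

# URLs exactly as the sandbox extracted them from the deobfuscated ps1.
DROPPER_URLS = [
    "http://baominhonline.com/EnM0X",
    "http://craquesdoradio.com.br/wp-includes/random_compat/aK",
    "http://csubiz.us/oeh",
    "http://ccoolmedia.com/P6fi1X6",
    "http://casellamoving.com/MPOK64SC",
]

# Parent/child pairs the "unexpected child process" signature keys on
# (an Office host launching a script interpreter). Assumed lists.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe"}
# PowerShell switches that carry a Base64 payload (-e, -ec, -enc, -EncodedCommand).
ENCODED_SWITCH = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\b")


def ioc_hosts(urls):
    """Hostnames to block or hunt for, lower-cased and deduplicated."""
    return {urlparse(u).hostname.lower() for u in urls}


def basename(path):
    """Image name from a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events, urls):
    """Return (signature, detail) tuples for every event that trips a signature.

    Events are dicts mimicking Sysmon event IDs: 1 (process create),
    22 (DNS query) and 3 (network connect).
    """
    hosts = ioc_hosts(urls)
    findings = []
    for ev in events:
        image = basename(ev["image"])
        if ev["id"] == 1:
            parent = basename(ev["parent_image"])
            if parent in OFFICE_PARENTS and image in SCRIPT_CHILDREN:
                findings.append(("unexpected_child", f"{parent} -> {image}"))
            if image in {"powershell.exe", "pwsh.exe"} and ENCODED_SWITCH.search(ev["cmdline"]):
                findings.append(("encoded_powershell", ev["cmdline"]))
        elif ev["id"] == 22 and ev["query"].lower() in hosts:
            findings.append(("dropper_dns", f"{image} -> {ev['query']}"))
        elif ev["id"] == 3 and ev["dest_host"].lower() in hosts:
            findings.append(("dropper_connect",
                             f"{image} -> {ev['dest_host']}:{ev['dest_port']}"))
    return findings


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

# Constructed sample telemetry: a document opens, spawns an encoded PowerShell,
# which resolves one dropper host and connects to another; an unrelated
# browser connection must stay quiet.
SAMPLE_EVENTS = [
    {"id": 1, "image": WORD, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": '"WINWORD.EXE" /n invoice.doc'},
    {"id": 1, "image": PS, "parent_image": WORD,
     "cmdline": "powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"id": 22, "image": PS, "query": "baominhonline.com"},
    {"id": 3, "image": PS, "dest_host": "csubiz.us", "dest_port": 80},
    {"id": 3, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "example.com", "dest_port": 443},
]

if __name__ == "__main__":
    for sig, detail in analyze(SAMPLE_EVENTS, DROPPER_URLS):
        print(f"{sig:20} {detail}")
```

The host match is deliberately exact rather than path-based: the paths in the extracted URLs are single-use tokens, while the compromised hosts are what will recur across samples from the same campaign. Feed `ioc_hosts(DROPPER_URLS)` to a DNS blocklist or proxy deny list and keep the process-lineage rule independent of the IOCs, since the lineage rule fires even after the dropper infrastructure rotates.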

MITRE ATT&CK Enterprise v15

Tasks