General

  • Target

    793eaf9254802888f857e9b872667796_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240527-qnn9csea4x

  • MD5

    793eaf9254802888f857e9b872667796

  • SHA1

    346d455e9289f48357d355a290abc9c1d1dc862a

  • SHA256

    de9d3ac980f7b5f8b2e6e7489ed342fc7b9bdedf54c3cee6b9b295a850e6891b

  • SHA512

    ee7932dd3cc11aa40d697e6d79570ef987a2f6bc553ecd7cb4a6ffaf059e244cadf115cf0e62e569d53f41409441af504117359c39c7f85806dc2eac298401b8

  • SSDEEP

    12288:QGDi8wwU+yjXPaa4NVgw8D5u+4lRtaUGPtcGDViNs538iel8TeWz/wEECRHzXZ9P:mv9G8jzAdKiRF97DOT

Targets

    • Target

      793eaf9254802888f857e9b872667796_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself
