General

  • Target

    79725173017cc145d65bdd9b7f624680_JaffaCakes118

  • Size

    117KB

  • Sample

    240527-r1yt1afg8s

  • MD5

    79725173017cc145d65bdd9b7f624680

  • SHA1

    2a7cf0d66c83bc43f9e8e8ae1e5dda4fbba4e553

  • SHA256

    fd3abcce96da50a5c35852916049cf954dbc69a3e301bcc9e9dc3132de56d541

  • SHA512

    45546baaeba55743428361ebcea304eb9cd79c0bb684612338cbce54c62d6d744dfd36b2f5fcf3b75c753cc55be4ad309a7528c493b78dff039dc7e1f3e81921

  • SSDEEP

    1536:uvptJlmrJpmxlRw99NBp+a6zWra9u3PiYLZWhuJPAgBiDd+UwtS1AKfQvrc7h:gte2dw99fzrU2LZWaPAgB4MUIS1vY

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://ilsentiero.co/ArvxduGz

    exe.dropper: http://irradia.cl/YQuYkOfq

    exe.dropper: http://iservicesbd.com/WNN6eRocRl

    exe.dropper: http://www.ultigamer.com/wp-admin/includes/r8X6opk

    exe.dropper: http://clock.noixun.com/fD7PjjzW

Targets

    • Target

      79725173017cc145d65bdd9b7f624680_JaffaCakes118

    • Size

      117KB


    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks