General
Target: 7b4dfaa542c5fbe44914685688eb7f8d_JaffaCakes118
Size: 176KB
Sample: 240528-cbs5wsbf93
MD5: 7b4dfaa542c5fbe44914685688eb7f8d
SHA1: 862b4487b440f408389e4609fe19228f7c93cf10
SHA256: 31c1361e8baf77b4fb015cde0ac73df4a7476022d35614113a88c60fe658cb9c
SHA512: a41f481c1cb3ab652e8b2ac819e93d96df44573d97fd6fefb57329fd7ae40d1d9d1a81186bdbd79e2dc21e006126b48b93d4b32008f69bfe1fc993ba895f19d8
SSDEEP: 1536:13m48W5lrXcuYd0dGtgu8LoSRNHzz4lg8nV4b7Y7Dt5W9GvMQ/9iAl1a3kO+a9hT:44PrXcuQuvpzm4bkiaMQgAlSI+aDMw0t
Behavioral task: behavioral1
Sample: 7b4dfaa542c5fbe44914685688eb7f8d_JaffaCakes118.doc
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 7b4dfaa542c5fbe44914685688eb7f8d_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory