General

  • Target

    8511094862b74d41d7018625a568569f_JaffaCakes118

  • Size

    201KB

  • Sample

    240530-11n48sbb5w

  • MD5

    8511094862b74d41d7018625a568569f

  • SHA1

    21cf9ac2854d63aebf84df14557a1f0de77b9bf4

  • SHA256

    3873789add951f7faaee58644422e134440be2903271725124cff640acd0ad4d

  • SHA512

    cde23153688e3760c45012e50f102f0ecf52e66f7a4a99fc0f59b896a3102a9743dc23ea12de38a57fdffc35f15c4b7e133ff07f9204bbfd37b2473bb0709355

  • SSDEEP

    3072:E4PrXcuQuvpzm4bkiaMQgAlSiTisQKz3wGB/TOk/z3Iw0v:ZDRv1m4bnQgISE/3wGB/TOkjIw0v

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://cahayu.id/wp-includes/jSi7Fd1r2wtg64969/

    exe.dropper: https://anhung1102.vn/wp-admin/LtirUcNdN/

    exe.dropper: https://idan-online.co.il/wp-admin/PPf124q2l26832/

    exe.dropper: http://www.canfrec.com.mx/4swBvrmkkp/VqcoomQpd/

    exe.dropper: http://dhartiproject.mysquare.in/temp/ZJd8p5u49737132/

    exe.dropper: https://lokeshullamkecskemet.hu/mail/Jnilw/

    exe.dropper: http://armonimalatya.com/dermatomic/77qo1g74024/

Targets

    • Target

      8511094862b74d41d7018625a568569f_JaffaCakes118

    • Size

      201KB

    • MD5

      8511094862b74d41d7018625a568569f

    • SHA1

      21cf9ac2854d63aebf84df14557a1f0de77b9bf4

    • SHA256

      3873789add951f7faaee58644422e134440be2903271725124cff640acd0ad4d

    • SHA512

      cde23153688e3760c45012e50f102f0ecf52e66f7a4a99fc0f59b896a3102a9743dc23ea12de38a57fdffc35f15c4b7e133ff07f9204bbfd37b2473bb0709355

    • SSDEEP

      3072:E4PrXcuQuvpzm4bkiaMQgAlSiTisQKz3wGB/TOk/z3Iw0v:ZDRv1m4bnQgISE/3wGB/TOkjIw0v

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks