General

  • Target: 85196271770a0266d9740af0d83478d9_JaffaCakes118
  • Size: 187KB
  • Sample: 240530-19156abe91
  • MD5: 85196271770a0266d9740af0d83478d9
  • SHA1: a253dee66e6b58b8ae2c2c67fe6b1610b7f74fff
  • SHA256: 9bb91b50d2adb4ad6ff0f68321018a4273ea0df40c67014bd957351d0929378f
  • SHA512: 01062e45841fe4ac0f19c38b613040df4db8ac4f91d2da3a57e02ecaf5547b36bf3a37424d30569da6fd1013ddbea23985b3d45baf43d7c317879d47bdad88bd
  • SSDEEP: 1536:tGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xildYXY9YgddT/Ephoj18sov8sCAw:zrfrzOH98ipgveHR
  • Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs
  • exe.dropper URLs:
    https://scrappy.upsproutmedia.com/wp-admin/J/
    https://china-specialist.com/wp-content/YrLG/
    https://www.upsproutmedia.com/wp-admin/M/
    http://pagearrow.com/wordpress/B/
    http://a.xuezha.cn/lajop/OYdUzf/
    http://blog.saadata.com/cgi-bin/vwz/
    http://zeeamfashion.com/content/rqoL/

Targets

    • Target: 85196271770a0266d9740af0d83478d9_JaffaCakes118

    • Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
