General

  • Target: 850929805a67e05c26848de22eb839e1_JaffaCakes118
  • Size: 179KB
  • Sample: 240530-1tsh3sag91
  • MD5: 850929805a67e05c26848de22eb839e1
  • SHA1: 1b7433e0d938822990b941d8129512fe6b83912d
  • SHA256: 7baf6437673fed0c5576c8ffbecd4fdb1bc262a0fd3423a401420a809f095319
  • SHA512: 045c1a640ac417f263c2c824e8a1aecab749b35a5e6fc2754fecbd96cef7a27cd727613b48c848dc47d95c2cc975e053eec36400489aaba5ace357c9c051032b
  • SSDEEP: 1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9VSGIRK9b/WYjd2LO6h/QC27TxvY:crfrzOH98ipgdSGYK9TngLOm27TxvY

Score: 10/10

Malware Config

Extracted

Language: ps1
Source: URLs (exe.dropper)

Targets

    • Target: 850929805a67e05c26848de22eb839e1_JaffaCakes118 (hashes as listed under General above)

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15