General

  • Target

    850c442276250171efb1ec92dc37b929_JaffaCakes118

  • Size

    133KB

  • Sample

    240530-1xk86scb69

  • MD5

    850c442276250171efb1ec92dc37b929

  • SHA1

    eb4667737cbe353a8213e099aafe860d7755a45f

  • SHA256

    0c504465913365c52057b1ffcf7480f785a739fa82edfd694d893c02e702e950

  • SHA512

    ae26789404876703397a34643fd861331d81f74fadda8391895dc245e298462aa5fd02aeee063aaa5665748c5f2879f63af30358a3017d3f96bba3614e2b0ffc

  • SSDEEP

    3072:I77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qj5Fd6H9mSJvuLpk:I77HUUUUUUUUUUUUUUUUUUUT52VA5Fd0

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: http://duanlocphatresidence.com/wp-admin/f350/
    exe.dropper: http://momentsbynatali.com/wp-admin/tvdt421480/
    exe.dropper: http://merodeshonline.com/wp/af133599/
    exe.dropper: http://nguyenminhhoang.xyz/wordpress/ip21979/
    exe.dropper: http://inpolpe.com/stock/zjgv6686843/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
