General

  • Target

    853af392f2c6b1d1bcdc80e821268b11_JaffaCakes118

  • Size

    120KB

  • Sample

    240530-27vq2ade8y

  • MD5

    853af392f2c6b1d1bcdc80e821268b11

  • SHA1

    e3ea96670f8e7ddb48d4be419df7c073e867e8ee

  • SHA256

    87056522881fa1382caf82328e0f546cb2f7c31f179af7acd7160f7756462a55

  • SHA512

    577e3fd1d01d790b136d7d4e51c4de5829f291478bf83abec8dae9b9787ab38122a1d915b333cf5734da2834412d39217c23975eafa28c325c7e5571f3232234

  • SSDEEP

    1536:e0xGDlc0qk7b41lC+agT3DY88nevry079bRgCVx55:uDkk2r3DY5n07F9Vf

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

  • exe.dropper

    http://jpol.com/li8CyWi/

  • exe.dropper

    http://foodstyle.de/kNKqO/

  • exe.dropper

    https://silke-steinle.de/2hAuu3/

  • exe.dropper

    http://charcalla.com/BjmQyaB/

Targets

    • Target

      853af392f2c6b1d1bcdc80e821268b11_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15