General

  • Target

    85223d10b243ca73c5d917825e0545b4_JaffaCakes118

  • Size

    157KB

  • Sample

    240530-2gxgyaca5z

  • MD5

    85223d10b243ca73c5d917825e0545b4

  • SHA1

    aaeb096d06190b006403356dd4d5fd737c4f0179

  • SHA256

    b4ad90e6f0d0dd694ff56756fbc2358d78ae1a5aca7a96229341efcd8b0d954a

  • SHA512

    338e0c3eff51d8ea7872a913b4d06bb0eddfc0ba8122142813ae99b3f40a8f9d78aca299263a0c5e54c50ad521f8089430fe154976487f8efbb12f1f6ff17392

  • SSDEEP

    1536:vToTVrdi1Ir77zOH98Wj2gpngd+a9sTgwQx5EvGtarWfjPYKwAL+wT+EQ:CrfrzOH98ipg2wT+EQ

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
