General

  • Target: 8528a1d174c7780597dedc6c11d37ff5_JaffaCakes118
  • Size: 191KB
  • Sample: 240530-2m76madd75
  • MD5: 8528a1d174c7780597dedc6c11d37ff5
  • SHA1: 72f6ad2994fad7e6c29eca5245d1fd9b6339d60b
  • SHA256: 5ccd67236c37294b1d0433a19bf424554de4595df95a856a15610b947ecf2232
  • SHA512: d25465e2f42beadfcc66f1e5c73fa1d0a8e82f7695f12445d4c20d84e1e8c1d736c2bed1efa64ca20ab14a5a7116557f1f1d81b046e185086fc269e4fe311101
  • SSDEEP: 1536:+rdi1Ir77zOH98Wj2gpng9+a9Ck1qlDba/qrHEs+nPyNdOx7FeX:+rfrzOH98ipgwva/qTX+nPyLOB8X

Score: 10/10

Malware Config

Extracted

Language: ps1
Source: URLs (exe.dropper)

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
