General

  • Target

    8547937585da167836025bc2c576f852_JaffaCakes118

  • Size

    232KB

  • Sample

    240530-3g3vdsfb55

  • MD5

    8547937585da167836025bc2c576f852

  • SHA1

    d1f1d28e7ddbc9be753fa212e598303228b2a7ec

  • SHA256

    8a346d540cf74e5dd42aa37659347c7620b972f541ed167bf4ffe7cfcacfe5e5

  • SHA512

    75b327a8c3b1ab4a1c7a686ae8676684772d2af2090de004ee11acd187a745c3b69353332323fc08d67eb4830168772fcadad4eb1cfe45af3b2f70e98a72aeff

  • SSDEEP

    3072:7j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkgsVXfKl3wsRL:7HgtEWPsL/aTyT9GkgslfKl3ws5

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (all of type exe.dropper)

    http://seedsagro.com/wp-content/MZ9Qd/
    http://aribsalin.ematj.com/up/E9Oj3tPaCk/
    http://dawood-elmoratel.ematj.com/wp-admin/eDORY317/
    http://khudothiaquacity.com/wp-admin/FLgiVM8/
    http://gpzjw8.net/ekjsn/AV785131/
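The extracted config is a list of fallback download locations for the second-stage executable; what a responder usually needs next is the same data defanged for a ticket, reduced to hostnames, and matched against egress logs. The script below is an added example and not part of the sandbox report or its tooling: the URLs and hashes are copied from the report, while the proxy log format and the log lines themselves are constructed for the demonstration.

```python
"""Turn the extracted dropper config into shareable and matchable IOCs.

Added example; this is not the sandbox's own tooling. The URLs and hashes
are copied from the report above. The proxy log at the bottom is constructed
for the demo (timestamp, source IP, method, URL, status), not real traffic.
"""
from urllib.parse import urlsplit

# (config type, URL) pairs exactly as the report lists them.
EXTRACTED = [
    ("exe.dropper", "http://seedsagro.com/wp-content/MZ9Qd/"),
    ("exe.dropper", "http://aribsalin.ematj.com/up/E9Oj3tPaCk/"),
    ("exe.dropper", "http://dawood-elmoratel.ematj.com/wp-admin/eDORY317/"),
    ("exe.dropper", "http://khudothiaquacity.com/wp-admin/FLgiVM8/"),
    ("exe.dropper", "http://gpzjw8.net/ekjsn/AV785131/"),
]

SAMPLE_HASHES = {
    "md5": "8547937585da167836025bc2c576f852",
    "sha1": "d1f1d28e7ddbc9be753fa212e598303228b2a7ec",
    "sha256": "8a346d540cf74e5dd42aa37659347c7620b972f541ed167bf4ffe7cfcacfe5e5",
}


def defang(url: str) -> str:
    """hxxp:// and [.] in the host so the URL cannot be clicked by accident."""
    p = urlsplit(url)
    host = p.hostname.replace(".", "[.]")
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}{query}"


def iocs(config):
    """Distinct hostnames and URLs from the config, plus defanged forms for sharing."""
    urls = sorted({u for _, u in config})
    hosts = sorted({urlsplit(u).hostname for u in urls})
    return {
        "hosts": hosts,
        "urls": urls,
        "defanged": [defang(u) for u in urls],
        "hashes": dict(SAMPLE_HASHES),
    }


def match_proxy_log(log_text: str, config):
    """Return (source_ip, url) for every log line whose URL host is a dropper host.

    The comparison is on the exact hostname, so a lookalike such as
    seedsagro.com.example.net does not match. Two of the hosts share the
    parent domain ematj.com; widening the match to the registrable domain
    would catch further subdomains at the cost of more false positives.
    """
    hosts = set(iocs(config)["hosts"])
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line
        src_ip, url = fields[1], fields[3]
        if urlsplit(url).hostname in hosts:
            hits.append((src_ip, url))
    return hits


# Constructed log lines: one unrelated request, two fetches of dropper URLs
# from the same host, and a lookalike domain that must not match.
PROXY_LOG = """\
2024-05-30T08:15:02Z 10.0.0.5 GET http://www.example.com/index.html 200
2024-05-30T08:15:09Z 10.0.0.5 GET http://khudothiaquacity.com/wp-admin/FLgiVM8/ 200
2024-05-30T08:15:10Z 10.0.0.5 GET http://gpzjw8.net/ekjsn/AV785131/ 404
2024-05-30T08:16:44Z 10.0.0.7 GET http://seedsagro.com.example.net/ 200
"""

if __name__ == "__main__":
    for d in iocs(EXTRACTED)["defanged"]:
        print(d)
    for src_ip, url in match_proxy_log(PROXY_LOG, EXTRACTED):
        print(f"{src_ip} fetched dropper URL {defang(url)}")
```

A 404 against one of the dropper URLs (third log line) is still a hit: the dropper walks the list until a download succeeds, so a failed fetch is as good an indicator of execution as a successful one.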

Targets

    • Target

      8547937585da167836025bc2c576f852_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
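The three behavioural signatures above are the kind of parent/child, network and file-write checks that can be re-created over endpoint telemetry. The rules below are an added example, not the sandbox's detection logic. The events are constructed in the shape of Sysmon process-create, network-connect and file-create records; the report does not name the parent process or the dropped file, so WINWORD.EXE as the parent (consistent with the "exploit or macro" wording of the first signature) and the System32 file name are assumptions for the demonstration, not findings from the report.

```python
"""Re-create the report's three behavioural signatures as rules over
process telemetry.

Added example, not the sandbox's own detection code. The events below are
constructed in Sysmon's shape (EID 1 process create, EID 3 network connect,
EID 11 file create). WINWORD.EXE as the parent and the dropped file name are
assumptions for the demo; the report does not state either.
"""
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Script hosts and LOLBins that should not originate traffic on a workstation.
NET_BLOCKLIST = SCRIPT_HOSTS - {"cmd.exe"}
# Writers that legitimately create files under System32 (deliberately short).
SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32" + "\\"

WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed telemetry: an Office process spawning PowerShell, which then
# reaches one of the report's dropper hosts and writes into System32,
# followed by benign noise that must not fire.
EVENTS = [
    {"id": 1, "pid": 4120, "image": WINWORD, "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 5200, "image": POWERSHELL, "parent_image": WINWORD},
    {"id": 3, "pid": 5200, "image": POWERSHELL, "dest_host": "seedsagro.com", "dest_port": 80},
    {"id": 11, "pid": 5200, "image": POWERSHELL, "target_file": r"C:\Windows\System32\payload.exe"},
    {"id": 1, "pid": 6100, "image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 3, "pid": 3300, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "dest_host": "example.com", "dest_port": 443},
    {"id": 11, "pid": 900, "image": r"C:\Windows\servicing\TrustedInstaller.exe", "target_file": r"C:\Windows\System32\drivers\foo.sys"},
]


def basename(image: str) -> str:
    """Case-folded file name of a Windows image path; ntpath works on any host OS."""
    return ntpath.basename(image).lower()


def unexpected_child(ev):
    """'Process spawned unexpected child process': Office app -> script host."""
    if ev["id"] != 1:
        return None
    parent, child = basename(ev["parent_image"]), basename(ev["image"])
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        return f"{parent} spawned {child} (pid {ev['pid']})"
    return None


def blocklisted_network(ev):
    """'Blocklisted process makes network request'."""
    if ev["id"] != 3:
        return None
    image = basename(ev["image"])
    if image in NET_BLOCKLIST:
        return f"{image} (pid {ev['pid']}) connected to {ev['dest_host']}:{ev['dest_port']}"
    return None


def drops_in_system32(ev):
    """'Drops file in System32 directory' by a process not expected to write there."""
    if ev["id"] != 11:
        return None
    writer = basename(ev["image"])
    if ev["target_file"].lower().startswith(SYSTEM32) and writer not in SYSTEM32_WRITERS:
        return f"{writer} (pid {ev['pid']}) wrote {ev['target_file']}"
    return None


RULES = {
    "Process spawned unexpected child process": unexpected_child,
    "Blocklisted process makes network request": blocklisted_network,
    "Drops file in System32 directory": drops_in_system32,
}


def evaluate(events):
    """Run every rule over every event; return (rule_name, detail) hits in event order."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            detail = rule(ev)
            if detail:
                hits.append((name, detail))
    return hits


if __name__ == "__main__":
    for name, detail in evaluate(EVENTS):
        print(f"[{name}] {detail}")
```

Correlating the hits on the PID (5200 in the constructed data) is what turns three medium-confidence signatures into one high-confidence chain: a macro-launched script host that both downloads and writes to a system directory.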

MITRE ATT&CK Enterprise v15
