General

  • Target

    84f2bdf82b3f7fff819fd5c60aa3e50d_JaffaCakes118

  • Size

    188KB

  • Sample

    240530-warp8afb9v

  • MD5

    84f2bdf82b3f7fff819fd5c60aa3e50d

  • SHA1

    13fb77d94c7f8a16d30adbd8828ad5d06f3010a3

  • SHA256

    6d27f5af653565630751a1ab0faa64d0c28949cfdceef04b4c543a0b4a7666f3

  • SHA512

    1cd5b7e3ca24908189048cbf5a7cd3ec31049255c78672e745abe283c511ad8e4b3996deadb0f157fdb01ac1dce6de1cc1bb558eee43ffc523c585fcf73a5278

  • SSDEEP

    1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnQ:vrfrzOH98ipgMh5rYR

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper URLs

    http://dtyl.shop/wp-content/W68Nx/
    https://star-speed.vip/wp-admin/U2jRIg/
    https://cshub123.cn/wp-admin/Gajs/
    https://viettellogistics.com.vn/wp-content/oS4/
    http://cococat.se/wp-admin/2Oaf/
    http://andresirjan.ir/wp-admin/JSH/
    https://sptrade.com.br/wp-includes/iFZOvL/

Targets

    • Target

      84f2bdf82b3f7fff819fd5c60aa3e50d_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks