General

  • Target

    84f6d98e98ca56b63209a7ee80d9e22d_JaffaCakes118

  • Size

    172KB

  • Sample

    240530-wecf4afc8x

  • MD5

    84f6d98e98ca56b63209a7ee80d9e22d

  • SHA1

    5cea4b4a7989a73730c6329fd9ed346e99dd92b3

  • SHA256

    14650f22ccd9ac8f4effcb6415afc3ee21a1a681e0d621888dd3e28a30e9e237

  • SHA512

    4e4349e3ece2ef7b80066317aa8669887517dc678ed6f35d622b6a3014444e572dc9a5130522fe6fda4e78c4c42518c4c19dc14c9ccb648eee8fc196093a6d6d

  • SSDEEP

    1536:erdi1Ir77zOH98Wj2gpngR+a9gtxO8nq78ct2PU7MXKSSxH5pcKaJnt7y2F:erfrzOH98ipgrkBt7t

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://rhyton-building.com/wp-admin/Ey8qV0/

exe.dropper

http://ezzll.com/wp-includes/KIU2WU/

exe.dropper

http://tellmetech.com/wp-content/4ka/

exe.dropper

https://elmundodelareposteria.com/wp-admin/0PVVmJm/

exe.dropper

https://manuelrozas.cl/assets/XWN/

exe.dropper

https://haritdharni.com/wp-admin/bZM/

exe.dropper

https://theworks-group.com/site/pQT6j5/

Targets

    • Target

      84f6d98e98ca56b63209a7ee80d9e22d_JaffaCakes118

    • Size

      172KB

    • MD5

      84f6d98e98ca56b63209a7ee80d9e22d

    • SHA1

      5cea4b4a7989a73730c6329fd9ed346e99dd92b3

    • SHA256

      14650f22ccd9ac8f4effcb6415afc3ee21a1a681e0d621888dd3e28a30e9e237

    • SHA512

      4e4349e3ece2ef7b80066317aa8669887517dc678ed6f35d622b6a3014444e572dc9a5130522fe6fda4e78c4c42518c4c19dc14c9ccb648eee8fc196093a6d6d

    • SSDEEP

      1536:erdi1Ir77zOH98Wj2gpngR+a9gtxO8nq78ct2PU7MXKSSxH5pcKaJnt7y2F:erfrzOH98ipgrkBt7t

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks