General

  • Target

    856821322ec372efc0dbc3675a2ee75d_JaffaCakes118

  • Size

    229KB

  • Sample

    240531-alen5sff9y

  • MD5

    856821322ec372efc0dbc3675a2ee75d

  • SHA1

    edfa6fad14b4df5a016952ca7dab2a691deac416

  • SHA256

    1be44b0e843c0ede8c1b58ee3afe9065f73a230e766ed2943675c2f9e19940cd

  • SHA512

    ae6e72ef9b746e51f401d3ef2dd34afe6ea471b20b7e67f2104dcfcac0d5e008d076f2318cf566f0563f6a92d63ad5b847bc3a9a14c69d811e92924ccaf20618

  • SSDEEP

    3072:DYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////a:V0uXnWFchmmcI/o1/h//mwU0Qa

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    Download locations the PowerShell (ps1) stage tries for the next-stage executable:

    http://theexchangemascot.com/cgi-bin/EPorHOo/
    http://zarahmoden.com/wp-admin/oyF/
    http://www.taleotecnoracing.com/font/vQDBrVh/
    http://wijgaanscheiden.com/golfupdate.nl/Vlq60c/
    http://yachtresort.net/wp-admin/6Jwnw/
    http://sukhumvithomes.com/wp-includes/WNy9/
    https://www.xindakitalia.com/download/1/

Targets

    • Target

      856821322ec372efc0dbc3675a2ee75d_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
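The extracted configuration and the three behavioural signatures above are directly actionable, so here is an added example (not part of the sandbox report) that turns them into checks a responder can run: it verifies a file against the listed hashes, derives a host blocklist from the dropper URLs, and applies two rules modelled on the "unexpected child process" and "blocklisted process makes network request" signatures to constructed process and network events. The event schema, the Office/script-host process lists and the sample telemetry are this example's own assumptions, not fields from the report.

```python
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "856821322ec372efc0dbc3675a2ee75d",
    "sha1": "edfa6fad14b4df5a016952ca7dab2a691deac416",
    "sha256": "1be44b0e843c0ede8c1b58ee3afe9065f73a230e766ed2943675c2f9e19940cd",
}
DROPPER_URLS = [
    "http://theexchangemascot.com/cgi-bin/EPorHOo/",
    "http://zarahmoden.com/wp-admin/oyF/",
    "http://www.taleotecnoracing.com/font/vQDBrVh/",
    "http://wijgaanscheiden.com/golfupdate.nl/Vlq60c/",
    "http://yachtresort.net/wp-admin/6Jwnw/",
    "http://sukhumvithomes.com/wp-includes/WNy9/",
    "https://www.xindakitalia.com/download/1/",
]

# Assumed parent/child sets for the "unexpected child process" rule
# (this example's choice, not a list taken from the report).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a byte string, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True only if every listed hash matches; a single mismatch means a different file."""
    return hash_bytes(data) == SAMPLE_HASHES


def hosts_from_urls(urls) -> set:
    """Hostnames of the dropper URLs, lowercased, for a DNS/proxy blocklist.
    Only the host is kept, since that is what most blocklists match on."""
    return {urlparse(u).hostname.lower() for u in urls}


def detect(events, blocked_hosts) -> list:
    """Apply two rules to a list of event dicts and return (rule, pid) pairs.

    Rule 1: an Office parent spawns a script host (the report's
            "Process spawned unexpected child process").
    Rule 2: any process contacts a blocklisted host; if that process was
            already flagged by rule 1 the alert name says so.
    """
    alerts = []
    suspicious_pids = set()
    for ev in events:
        if ev["type"] == "process":
            parent = ev["parent_image"].rsplit("\\", 1)[-1].lower()
            child = ev["image"].rsplit("\\", 1)[-1].lower()
            if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
                suspicious_pids.add(ev["pid"])
                alerts.append(("office_spawned_script_host", ev["pid"]))
        elif ev["type"] == "network":
            if ev["host"].lower() in blocked_hosts:
                rule = ("blocklisted_request_from_suspicious_child"
                        if ev["pid"] in suspicious_pids
                        else "blocklisted_request")
                alerts.append((rule, ev["pid"]))
    return alerts


# Constructed sample telemetry (not from the report): a Word document
# launches PowerShell, which then fetches from one of the dropper hosts.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "parent_image": r"C:\Windows\explorer.exe",
     "image": WORD},
    {"type": "process", "pid": 101, "parent_image": WORD,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "network", "pid": 101, "host": "zarahmoden.com"},
    {"type": "network", "pid": 200, "host": "example.com"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, hosts_from_urls(DROPPER_URLS)):
        print(*alert)
```

Matching on all three hashes rather than MD5 alone avoids trusting a digest that is cheap to collide, and keying the blocklist on host rather than full URL is a deliberate trade-off: it catches retries against other paths on the same compromised site at the cost of blocking any legitimate content hosted there.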

MITRE ATT&CK Enterprise v15
