General

  • Target

    8570ca7a6e6a80e58cdf2ad73fb349b5_JaffaCakes118

  • Size

    158KB

  • Sample

    240531-atvekaha94

  • MD5

    8570ca7a6e6a80e58cdf2ad73fb349b5

  • SHA1

    25b7b50c104334f499fb109646083831f0183d06

  • SHA256

    ae651bbc1bb9cb216ddeae09b03346aa86c991c00d59ad680a83343eac0d4da2

  • SHA512

    d3af4c89b3c1506875f961dc7082b4860b9af75dff19fec3221da5de55584cfcadd0a1ae6d6010b77d5f6bc8d92ae9241fbf6464a7184e62e8b677b43571193b

  • SSDEEP

    1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a9WlJi2V:1rfrzOH98ipgUY2V

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Target

      8570ca7a6e6a80e58cdf2ad73fb349b5_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
