General

  • Target

    857688f4b575709514490c56260cda85_JaffaCakes118

  • Size

    163KB

  • Sample

    240531-ay1gdagc6z

  • MD5

    857688f4b575709514490c56260cda85

  • SHA1

    b8141c5db9703bca25fde0777aaa1e8f9a0bbff8

  • SHA256

    ed51b266a21df3fdcb9688895ed3065cc8167122d60134e9b25eccd669446ec2

  • SHA512

    774dca8cd9dff22a72a766530e08fc309e886ee2e4ffb92c1ecc63aec27b03e297fca062957084562c520928e937dc46aee2cdd3eec5ff351fb5ba33650fd81a

  • SSDEEP

    1536:VAhXAhordi1Ir77zOH98Wj2gpngN+a9Bay9y0J6f264NWE:mrfrzOH98ipgjPJ6fQWE

  • Score

    10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks