General

  • Target: 863237c4072cb93269f688996a9b93b2_JaffaCakes118
  • Size: 195KB
  • Sample: 240531-g25ntsae87
  • MD5: 863237c4072cb93269f688996a9b93b2
  • SHA1: 46d858e45ca262e8fceceecaeee084f877af72a4
  • SHA256: ea48e310224317a3a93d7679dbb50ae967383d973cf7713613d8a240224ff454
  • SHA512: 5a1467efcc14cddaeed4436c3ba8e764ef603e2f44c0738f2d0966326048b672f77ace0efed55932898a080c8a04b230a43cb3652b7053f291edb140c7929d99
  • SSDEEP: 1536:2rdi1Ir77zOH98Wj2gpngh+a9k8ul8oPhEPmRl6VOn4B:2rfrzOH98ipgA8ul8uWP+l6VOn4B

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source URLs (exe.dropper):

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
