General

  • Target

    862d28b98cd5045920effd016877bf9a_JaffaCakes118

  • Size

    162KB

  • Sample

    240531-gv6mjshe3x

  • MD5

    862d28b98cd5045920effd016877bf9a

  • SHA1

    dc4245e1188b379c51e3fd6df759e7cf53ea1c3c

  • SHA256

    eebe99de8b728086eee179946bbb49bece053df02ee45f5fd5b345a6dcfa4143

  • SHA512

    aa75782e759cac39c614edb8e8bb99c84073730cce7c267d92f8a2a68bc8cc92a9e9f0c9b1142dbb35a15abaca20827608f1819dac9f26c0a1522edbe0689b01

  • SSDEEP

    1536:MEtcE/QfgdtcE/Qfg6rdi1Ir77zOH98Wj2gpngx+a961CQdsOxPs:qrfrzOH98ipgXQdsOxs

Score
10/10

Malware Config

Extracted

  • Language: ps1

  • Source: URLs (exe.dropper)

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
