General

  • Target

    862e3fea6fd478433860e4dae4628210_JaffaCakes118

  • Size

    155KB

  • Sample

    240531-gxc31she6w

  • MD5

    862e3fea6fd478433860e4dae4628210

  • SHA1

    7c2499b9d5437b420ec72acdb9af8c6b444d2376

  • SHA256

    ba194c165790fe37e147a5148a0e460acbf65bdbafbf0928bc1bd762359e0691

  • SHA512

    d9bdaeca4eac695425c6daf18937ab967d523c79e1849e4a6602499bf36e9f0d60ad28f3cd702d8eea682db0254364b6ee50863c904e93c16139ee21a6ebe5dc

  • SSDEEP

    3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qACyMPpYdWt4dbXE1SwqE:a77HUUUUUUUUUUUUUUUUUUUT52VKyMPH

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (type: exe.dropper)

    http://infokamp.com/edmatvu/XcvhTJMoveELDQSwTUGIwp/

    http://aaitrader.com/wp-includes/TdWfQOsyteJAaXt/

    http://hoststore.ro/wp-includes/iIyDhkZnoKGa/

    https://fepa18.org/wp-admin/vZJPXdJUKbsQoR/

    https://ioszm.com/wp-content/VKvRtbEjecrTUWtZwLJPTASMB/

Targets

    • Target

      862e3fea6fd478433860e4dae4628210_JaffaCakes118

    • Size

      155KB

    • MD5

      862e3fea6fd478433860e4dae4628210

    • SHA1

      7c2499b9d5437b420ec72acdb9af8c6b444d2376

    • SHA256

      ba194c165790fe37e147a5148a0e460acbf65bdbafbf0928bc1bd762359e0691

    • SHA512

      d9bdaeca4eac695425c6daf18937ab967d523c79e1849e4a6602499bf36e9f0d60ad28f3cd702d8eea682db0254364b6ee50863c904e93c16139ee21a6ebe5dc

    • SSDEEP

      3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qACyMPpYdWt4dbXE1SwqE:a77HUUUUUUUUUUUUUUUUUUUT52VKyMPH

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks