General

  • Target

    8659150e59009d1a902c0b98787d2358_JaffaCakes118

  • Size

    143KB

  • Sample

    240531-j5hpksch77

  • MD5

    8659150e59009d1a902c0b98787d2358

  • SHA1

    3e53a747d8d3d75856254fff7a4e36b67b5dc8a8

  • SHA256

    299a96af854096c57a55235a1bfc477f9d8ffd72f1d669580eeb82f9fbfe0c6a

  • SHA512

    7fa15d997d00bf9a1acf86100828289a2cf6f42ff4b7e22e729364b592272633e9d46e032b9aedb779db342082a1debb9b6e96e161728609ade053c0a89d83ee

  • SSDEEP

    1536:sY81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadrR42VtqY8d/wk+a9O:sY8GhDS0o9zTGOZD6EbzCdrC2H8/wD

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://fungryfood.com/KplV5zq4

exe.dropper

http://www.mixturro.com/Vp1BgRVz9V

exe.dropper

http://www.coeurofafrica.com/ZOMYq5itS

exe.dropper

http://kleveremart.com/wrsYMb8r

exe.dropper

http://sakivatansever.com/1e0T7Gvc1

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
