General

  • Target

    867a58b4da5ccc7cee476b229e51318f_JaffaCakes118

  • Size

    193KB

  • Sample

    240531-k39kysdh32

  • MD5

    867a58b4da5ccc7cee476b229e51318f

  • SHA1

    d7615c3c576325878d064592619831c304b4c4a8

  • SHA256

    a88fb4f086c22812b67ca91d4052ca3187560e1c90317e71aa789aa86afa8bd6

  • SHA512

    ab7212bf4b4991ed3af89c075bfd9d9023404365439a03d1d811aed69d4e04fd54d0080138063c21df8a7fd90b421623cac3c4adc6819220dd1260da3adc09c1

  • SSDEEP

    3072:Pb4PrXcuQuvpzm4bkiaMQgAlS314nBhGMlZwkt:PUDRv1m4bnQgIS3ShGMlZwkt

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper
    http://eschricht.com/Carsten/JhAUO/

    exe.dropper
    http://hohwy.com/cgi-bin/jXbWR/

    exe.dropper
    http://f8computer.de/Organisation/xV3/

    exe.dropper
    http://pelumovil.com/wp-admin/WLpuIk/

    exe.dropper
    http://vonnahme.com/cgi-bin/NVzNNhc/

    exe.dropper
    http://www.inkarainbow.com/z0g/

    exe.dropper
    https://andaluzademarqueteria.com/area_cliente/5SvFmfd/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks