General

  • Target

    86800a66ca6607f99b72ce82ee968b25_JaffaCakes118

  • Size

    200KB

  • Sample

    240531-k9velsea27

  • MD5

    86800a66ca6607f99b72ce82ee968b25

  • SHA1

    06517c32fa54721e8271fcf230e12ac0c24a5c10

  • SHA256

    b6f19a90da65451d33a9e9b5a8acc07432a84ebb7e6ad6d0f7fc29a4a53ab582

  • SHA512

    2861cbb7d6f9f194bc4d37018be376964b2f7e9e2ea73093af57568d0ae8d92a3652f001112470dd3290dd8d71b47a56d08ba2e09f413174371ec5c52b8b1a0b

  • SSDEEP

    3072:Vqg22TWTogk079THcpOu5UZ4pfRvAKpqRz:d/TX07hHcJQssz

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
