General

  • Target: 8668c8724ee7fdfd5a6a6c6a20c001f2_JaffaCakes118
  • Size: 169KB
  • Sample: 240531-klrzkscf8x
  • MD5: 8668c8724ee7fdfd5a6a6c6a20c001f2
  • SHA1: 513f9d02045ac6d86cff255f65fb1d7936a8722d
  • SHA256: 4de4f40c0e62b58b0257dacf98877c1696f65b286b060ec097e98177e3bd7a7a
  • SHA512: 4616e7929643f2c358a9be562ab8cfd0107380e493d9241ba960999bcdfc43c4e79556b6bbe7ee3f23b6e59193d80f69236ea6204d879e701d59fb8d5fb9b700
  • SSDEEP: 1536:AGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP340Vzy7dUWqHe43d9T96aEH5iw:yrfrzOH98ipgBPLQRq/F

Score
10/10

Malware Config

Extracted

  Language: ps1

  Source URLs (type: exe.dropper)
    • http://geevida.com/wp-admin/DhWo/
    • http://elrofanfoods.com/wp-admin/qc/
    • https://volcanict.com/wp-admin/LfWFF/
    • http://xmjadever.com/wp-admin/FTOXI/
    • https://gbmcleaning.com/1/Gdk5eqv/
    • https://kingchuen.com/cgi-bin/KQ/
    • https://billc46.com/uf65/H4/

Targets

    • Target: 8668c8724ee7fdfd5a6a6c6a20c001f2_JaffaCakes118
    • Size: 169KB
    • MD5: 8668c8724ee7fdfd5a6a6c6a20c001f2
    • SHA1: 513f9d02045ac6d86cff255f65fb1d7936a8722d
    • SHA256: 4de4f40c0e62b58b0257dacf98877c1696f65b286b060ec097e98177e3bd7a7a
    • SHA512: 4616e7929643f2c358a9be562ab8cfd0107380e493d9241ba960999bcdfc43c4e79556b6bbe7ee3f23b6e59193d80f69236ea6204d879e701d59fb8d5fb9b700
    • SSDEEP: 1536:AGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP340Vzy7dUWqHe43d9T96aEH5iw:yrfrzOH98ipgBPLQRq/F

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15