General

  • Target: 870fe07adc7ff90f5630057924749eab_JaffaCakes118
  • Size: 173KB
  • Sample: 240531-p2fzgahd21
  • MD5: 870fe07adc7ff90f5630057924749eab
  • SHA1: 8784f90ed0c1c1557284fa95309c207e19a9a759
  • SHA256: fabd2f3729de07ef5f673b245597b0d770876cb520d02fe15d4e9e62c7c7efde
  • SHA512: 63cf5ec3ae1d66db62a8d64d51fd19ca01a8242d03c8e786e49486545148743538e933c4ba50a73f7d6664f454b01b563033bb50a1d822b2462c3b5081b630ef
  • SSDEEP: 1536:erdi1Ir77zOH98Wj2gpngR+a9mpxO8nq78ct2PU7MXKSSxH5pcKaJnU7y2V:erfrzOH98ipg1kBU79

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs

  exe.dropper URLs:

  • http://rhyton-building.com/wp-admin/Ey8qV0/
  • http://ezzll.com/wp-includes/KIU2WU/
  • http://tellmetech.com/wp-content/4ka/
  • https://elmundodelareposteria.com/wp-admin/0PVVmJm/
  • https://manuelrozas.cl/assets/XWN/
  • https://haritdharni.com/wp-admin/bZM/
  • https://theworks-group.com/site/pQT6j5/

Targets

    • Target: 870fe07adc7ff90f5630057924749eab_JaffaCakes118 (hashes as listed under General above)

    Score: 10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks