General

  • Target

    86f913b20c6d0eb1f6792d2cba096668_JaffaCakes118

  • Size

    162KB

  • Sample

    240531-pgalysgf5y

  • MD5

    86f913b20c6d0eb1f6792d2cba096668

  • SHA1

    50f59496a9f549446d9a8d92109378f611501171

  • SHA256

    53ba839620332e07c8039150e8cdf017e869896b353562fabbe58f71267b7344

  • SHA512

    25f0145e18e5b99ba21a0c854ffbbfb23a28471473f31dd45d404feb05d6b81ac1a46e7821b457f12d125f7c4812fff3669c99cad64a25e58cf527d4ef6e9acc

  • SSDEEP

    1536:T5a/aNrdi1Ir77zOH98Wj2gpngR+a9r5ZVDEuEfBzoISGQ:T/rfrzOH98ipgvO5JzoPGQ

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
