General

  • Target

    86f4b07c12619898e6537f3a7fc42b27JaffaCakes118

  • Size

    172KB

  • Sample

    240531-pzzzkahh53

  • MD5

    86f4b07c12619898e6537f3a7fc42b27

  • SHA1

    d51570c3e62d49162ef9c5f5a77aba1bf3473b1b

  • SHA256

    6e2cda657096507928f8bb65b77f8d938d6d2ade6834ab9c0fab27458f8e2566

  • SHA512

    6e01e4758983cfcb47d1de320f955d589a51a0dd178c25ea5b81f47be3e165d02ce24ef4876f9e64e00bb42d0b7b5af434292ff77b5edc81a2b10aea1eeadde9

  • SSDEEP

    1536:LGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP2hCYey7dL6PhLtHrxM43atHtjg:ZrfrzOH98ipg0HD+3KvoEwLQ

Score
10/10

Malware Config

Extracted

  • Language: ps1

  • Source URLs (all typed exe.dropper):

    http://smartfarmsky.com/kdxhp/K/
    https://theonesmartpiano.com/wp-admin/css/colors/modern/W/
    https://www.breedenandsilver.com/wp-content/W3/
    https://blog.workshots.net/bibqcr9/GSB/
    https://lggpm.live/cgi-bin/Yq/
    https://sodalite.life/wp-content/uploads/Fl/
    https://classroom.live/wp-content/OlY/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
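The script below is an added detection example; it is not the sandbox's own signature logic and contains nothing taken from the analysed sample beyond the seven exe.dropper URLs extracted above. It reduces those URLs to hostnames and runs two checks over a constructed stream of Sysmon-style events: an Office parent launching a scripting host (the "unexpected child process" behaviour, which fits a ps1 dropper launched from a document), and any process connecting to one of the dropper hosts, rated higher when the connecting process is itself a scripting host (the "blocklisted process makes network request" behaviour). The parent and child process lists, the event record shape, the severity scheme and the sample events are all assumptions for illustration.

```python
"""Added detection sketch for the behaviours flagged in this report.
Runs offline over constructed events; only the URL list comes from the page."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Dropper URLs exactly as extracted from the sample's PowerShell config.
DROPPER_URLS = [
    "http://smartfarmsky.com/kdxhp/K/",
    "https://theonesmartpiano.com/wp-admin/css/colors/modern/W/",
    "https://www.breedenandsilver.com/wp-content/W3/",
    "https://blog.workshots.net/bibqcr9/GSB/",
    "https://lggpm.live/cgi-bin/Yq/",
    "https://sodalite.life/wp-content/uploads/Fl/",
    "https://classroom.live/wp-content/OlY/",
]

# Assumed lists: which parents count as document applications and which
# children count as scripting hosts. Tune both to your environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "cmd.exe", "mshta.exe"}


def dropper_hosts(urls):
    """Lower-cased hostnames from the URLs. A leading 'www.' is kept and
    also stripped so either form seen in proxy/DNS logs matches."""
    hosts = set()
    for u in urls:
        h = urlparse(u).hostname.lower()
        hosts.add(h)
        if h.startswith("www."):
            hosts.add(h[4:])
    return hosts


@dataclass
class Event:
    """Minimal Sysmon-like record (assumed shape): 1 = process create,
    3 = network connect."""
    event_id: int
    image: str              # full path of the acting process
    parent_image: str = ""  # event 1 only
    dest_host: str = ""     # event 3 only


def basename(path):
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events, urls=DROPPER_URLS):
    """Return (rule, severity, event) findings for the two behaviours."""
    hosts = dropper_hosts(urls)
    findings = []
    for e in events:
        img = basename(e.image)
        if e.event_id == 1:
            if basename(e.parent_image) in OFFICE_PARENTS and img in SCRIPT_HOSTS:
                findings.append(("office_spawned_script_host", "high", e))
        elif e.event_id == 3 and e.dest_host.lower() in hosts:
            # Any contact with a dropper host is an IOC hit; a scripting
            # host doing it matches the dropper's own behaviour, so rate higher.
            sev = "high" if img in SCRIPT_HOSTS else "medium"
            findings.append(("contacted_dropper_host", sev, e))
    return findings


# Constructed sample events; not taken from the sandbox run on this page.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    Event(1, PS, parent_image=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    Event(3, PS, dest_host="smartfarmsky.com"),
    Event(3, PS, dest_host="breedenandsilver.com"),   # matches via stripped 'www.'
    Event(1, r"C:\Windows\System32\notepad.exe", parent_image=r"C:\Windows\explorer.exe"),
    Event(3, r"C:\Program Files\Mozilla Firefox\firefox.exe", dest_host="classroom.live"),
]

if __name__ == "__main__":
    for rule, sev, ev in detect(SAMPLE_EVENTS):
        print(f"{sev:6} {rule:28} {basename(ev.image)} {ev.parent_image or ev.dest_host}")
```

On the constructed events this yields four findings: the Word-to-PowerShell spawn, two high-severity PowerShell connections to dropper hosts, and a medium-severity browser hit on classroom.live; the notepad launch is not flagged. Matching on hostname rather than the full URL is deliberate: the path segments in these URLs are short and disposable, while the compromised hosts tend to be reused across campaigns.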
