General

  • Target

    8734d3348c99ddb0f59bbebf287b14a5_JaffaCakes118

  • Size

    199KB

  • Sample

    240531-q2te8sae61

  • MD5

    8734d3348c99ddb0f59bbebf287b14a5

  • SHA1

    98ed33828491634ed53de01649a3850294286f51

  • SHA256

    7a5be8b684f6705a6123279518f533f46e5a7d8a94701304b10d5baae90e7325

  • SHA512

    6dc6d60e033c7ed29d681bd980ae5e12ed78df99528d8567389366ac15eca0fb20c756528cf9729376043bff110b08b56a431ddf8f6884252e39d28177010b8f

  • SSDEEP

    3072:Vqg22TWTogk079THcpOu5UZspfRvAKp/Rx:d/TX07hHcJQgJx

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      8734d3348c99ddb0f59bbebf287b14a5_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
