General

  • Target: 873aef95f5dd92455cdc82fac13d7f5d_JaffaCakes118
  • Size: 106KB
  • Sample: 240531-q643jaaf51
  • MD5: 873aef95f5dd92455cdc82fac13d7f5d
  • SHA1: 69c117990e53745a97680c2b4358aaa2445cd9a4
  • SHA256: 21a32b9e696a24a81a26ff3d347f2c9ce3010e7a11dbd618be446df2eada3831
  • SHA512: a5efa7b84ee9d1dbc6cb7790e34432425f2dbfbc2355f63c20cc4e5d399ff99c917a40e727373c3faac5a4c190c24e28690160314efa459ec14e0f58ed6cfc7d
  • SSDEEP: 1536:oDMeOY5C6OJsdBpZWt+a9BRlitMe8ibS4HM6HAftBxPbH:o4eOY5CTsdAzBe8ibbM7fPxzH

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (exe.dropper):
      http://kamstraining.com/wp-admin/QKCb/
      http://akashicinsights.com/aspnet_client/YCm/
      http://alexwacker.com/nginx-custom/fM9vv/
      http://javiersandin.com/001/AJY8/
      http://lesgarconsdugazon.com/1p8tost/RlQPE/

Targets

  • Target: 873aef95f5dd92455cdc82fac13d7f5d_JaffaCakes118 (hashes as listed under General above)

    Score: 10/10

    Signatures:
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks