General

  • Target

    86d751896efdbe034c9c816638196d43JaffaCakes118

  • Size

    119KB

  • Sample

    240531-qjmvqsaa2t

  • MD5

    86d751896efdbe034c9c816638196d43

  • SHA1

    b4c80043537e33997aa94e9267c54449535c7910

  • SHA256

    eb910be2272948d91c32587a785bfa7ca5b9d3ed84a97c67f690854dbb1787c8

  • SHA512

    1f87e717e742aa4d93ddb1ba4fedcfeb98b63093ee104036d920522bd3e88aa83f96cee5cc1aaa52d6f0531b32c2aceb11315ef7eba31dd72f06cbaa5ee0fdf2

  • SSDEEP

    1536:w1upv3JgMSOang1+agAvYqswQERX0Aft+mNcS4GSVF/9d:GyBSOaovYqKgtP+S4GSjV

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    URLs

  • URLs (exe.dropper)

    http://visual-sounds.com/ssfm/RpIKkJ/

    http://lange2011.de/NtczUz/

    http://hellmuth-worbs.de/RaYVacH/

    http://comquestsoftware.com/thinkingrider/18cr2K/

Targets

    • Target

      86d751896efdbe034c9c816638196d43JaffaCakes118

    • Size

      119KB

    • MD5

      86d751896efdbe034c9c816638196d43

    • SHA1

      b4c80043537e33997aa94e9267c54449535c7910

    • SHA256

      eb910be2272948d91c32587a785bfa7ca5b9d3ed84a97c67f690854dbb1787c8

    • SHA512

      1f87e717e742aa4d93ddb1ba4fedcfeb98b63093ee104036d920522bd3e88aa83f96cee5cc1aaa52d6f0531b32c2aceb11315ef7eba31dd72f06cbaa5ee0fdf2

    • SSDEEP

      1536:w1upv3JgMSOang1+agAvYqswQERX0Aft+mNcS4GSVF/9d:GyBSOaovYqKgtP+S4GSjV

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

MITRE ATT&CK Enterprise v15
