General

  • Target

    872748cdb7661035bdaf38613b3bed09_JaffaCakes118

  • Size

    158KB

  • Sample

    240531-qpparaaf94

  • MD5

    872748cdb7661035bdaf38613b3bed09

  • SHA1

    93e511af7522edc95f9ccd7deb09b64ad80b6d85

  • SHA256

    1566f358c08b612008f380dbf93ae439bedd0b527deb8bfa5ca732264e37af87

  • SHA512

    714de1ff94860823784f09686cfe50af39a199bab50f3a1d7869939d1b5538865f736bb3c969f0c694886ce8d5fd327149aff1392480aea257885b919330ad4a

  • SSDEEP

    1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a9mlJimF:1rfrzOH98ipgMYmF

  • Score

    10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks