General

  • Target

    872cd0d6fc9037131b6f2bdcfa7cbee5_JaffaCakes118

  • Size

    216KB

  • Sample

    240531-qvyrdaac9w

  • MD5

    872cd0d6fc9037131b6f2bdcfa7cbee5

  • SHA1

    5d6eb7600b06659eb2b77105e606990209e3d7b9

  • SHA256

    cce15dec3bc1410569a816b6fac4c8f582b572af674a8fc37b31864bc92e417b

  • SHA512

    21bec23ffbe96a4f30ccd0e0ccee873654d9fc9ab5455267b8f012e8d0739b9adfabe2e1d5613901f2573eec67111a89084bc8ac58c81792fe9327a1417c37a9

  • SSDEEP

    3072:YxYy0u8YGgjv+ZvchmkHcI/o1/Vb6//////////////////////////////////z:s0uXnWFchmmcI/o1/dMTBwZ4r5

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://aboveandbelow.com.au/cgi-bin/Lbi20Tu/

  • exe.dropper

    https://amacshowerscreens.com.au/wp-includes/K5/

  • exe.dropper

    http://athleteacademy.net/wp-admin/VDDlV/

  • exe.dropper

    http://www.jayamelectronics.com/assets/TwgdI/

  • exe.dropper

    http://intelligence.com.sg/registration/JGX3I/

  • exe.dropper

    http://sorvetesbrotinho.com.br/novo/8edJm/

  • exe.dropper

    http://printed.com.mx/fonts/E6a/

Targets

    • Target

      872cd0d6fc9037131b6f2bdcfa7cbee5_JaffaCakes118

    • Size

      216KB

    • MD5

      872cd0d6fc9037131b6f2bdcfa7cbee5

    • SHA1

      5d6eb7600b06659eb2b77105e606990209e3d7b9

    • SHA256

      cce15dec3bc1410569a816b6fac4c8f582b572af674a8fc37b31864bc92e417b

    • SHA512

      21bec23ffbe96a4f30ccd0e0ccee873654d9fc9ab5455267b8f012e8d0739b9adfabe2e1d5613901f2573eec67111a89084bc8ac58c81792fe9327a1417c37a9

    • SSDEEP

      3072:YxYy0u8YGgjv+ZvchmkHcI/o1/Vb6//////////////////////////////////z:s0uXnWFchmmcI/o1/dMTBwZ4r5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks