6dade8c0ed4e95b82f0b104512f23ccc20849853dd2c17c46f4a468b32eae0f9 | Triage

Sharing

General

Target

87484786363a6575fa1ea535b0d2b64f_JaffaCakes118
Size

224KB
Sample

240531-rjwy3sba6s
MD5

87484786363a6575fa1ea535b0d2b64f
SHA1

c5e011b0547faa8bcec31ddb06a14e37e5a5aa32
SHA256

6dade8c0ed4e95b82f0b104512f23ccc20849853dd2c17c46f4a468b32eae0f9
SHA512

6cb2d8d8b759e10290286c749afa468d07981c22f5fa26907c7b196d843c77bff587b89bffca7f5469a790716a5abaa2a0b0e1892d8b3fff4a91cee5cb513f5c
SSDEEP

3072:ZtUxagq58ghpPyjL/xSu90OoiLuDKZXfwKeljR1C:ZtUxagqOgvPAxUOmD+XfwLu

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://mail.saglikpersoneli.net/sohft/PTYGsf41Witt_k

exe.dropper

http://www.vario-reducer.com/wp-content/bGkoUUavZySGn

exe.dropper

http://kadinveyasam.org/wp-content/languages/EZ22B35GBTu9z_N

exe.dropper

http://mingroups.vn/NYV82LSYWEs_s1

exe.dropper

http://www.ontamada.ru/RDUstD0DxgOP

Targets

- Target
  
  87484786363a6575fa1ea535b0d2b64f_JaffaCakes118
- Size
  
  224KB
- MD5
  
  87484786363a6575fa1ea535b0d2b64f
- SHA1
  
  c5e011b0547faa8bcec31ddb06a14e37e5a5aa32
- SHA256
  
  6dade8c0ed4e95b82f0b104512f23ccc20849853dd2c17c46f4a468b32eae0f9
- SHA512
  
  6cb2d8d8b759e10290286c749afa468d07981c22f5fa26907c7b196d843c77bff587b89bffca7f5469a790716a5abaa2a0b0e1892d8b3fff4a91cee5cb513f5c
- SSDEEP
  
  3072:ZtUxagq58ghpPyjL/xSu90OoiLuDKZXfwKeljR1C:ZtUxagqOgvPAxUOmD+XfwLu
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2