General

  • Target

    874f655245be972f39df983f9d2b7a4b_JaffaCakes118

  • Size

    158KB

  • Sample

    240531-rqkjmabg75

  • MD5

    874f655245be972f39df983f9d2b7a4b

  • SHA1

    69a632e6e82dfeb00354c640b261ce2e6f16f15b

  • SHA256

    4b30a75800dac8e687499541fa381736b76d3f3b69146ea8801962b7eec548bb

  • SHA512

    fbf6012f4e5ef6059fd5521250af88c373ef8fcb913b137f0d721e2ab9ccbc299b0ea892aa0475f1bfdda9330e346de22be3a884e56166cf763a00414c02e7ec

  • SSDEEP

    1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a9KlJiPn:1rfrzOH98ipgYYPn

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    https://case.gonukkad.com/sys-cache/CjT/

    https://starrcoin.net/wp-admin/YT/

    http://modelaw.devkind.com.au/wp-admin/cvDRmGK/

    http://dprkp.palembang.go.id/sys-cache/7Y4aHw/

    http://completeguideblogging.com/euiot/PAuJG/

    http://qutiche.cn/wp-admin/Q/

    https://shiva-engineering.com/1cj/tKemHV7/

Targets

    • Target

      874f655245be972f39df983f9d2b7a4b_JaffaCakes118

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
