General

  • Target: 8766e2aa87c8731043047cbfba79636f_JaffaCakes118

  • Size: 230KB

  • Sample: 240531-sb5rpabh9y

  • MD5: 8766e2aa87c8731043047cbfba79636f

  • SHA1: 140a17470b1305d013428350efc8049d5e4463ec

  • SHA256: 5dff91cf6d41a1afd397c3c21a5b5a401acbb9abf2dc6e09df6f45b8f8dd9af2

  • SHA512: b536bf3749e41470b1642aaabab9a8c839159ea2e8aa71e0ae2baa8aed571b333bd49a1bfdd5bc2345b396fcdbe438aad911a229e05013f51e5039170fb842ea

  • SSDEEP: 3072:yj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkw0HqJwnffRa:yHgtEWPsL/aTyT9Gkw8qJwnffRa

Score: 10/10

Malware Config

Extracted

Language: ps1

Deobfuscated

URLs (exe.dropper):

  • http://arsan.com.br/img_b2w/jstgflap98/

  • http://koester-pb.de/cgi-bin/HoDIPqV/

  • http://aragonmetal.com/_installation/LPMGMZroO/

  • https://www.witdigi.com/wp-content/uploads/iBeE/

  • http://yellowstonefitness.com/j5es7cx/QgLkys4ga64g228/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
