General

  • Target

    876c076df2b5e1b6e83a14875b4352f6_JaffaCakes118

  • Size

    194KB

  • Sample

    240531-sgn15acb4s

  • MD5

    876c076df2b5e1b6e83a14875b4352f6

  • SHA1

    f284ad63c4334bab51498921bd7731af699ce7c4

  • SHA256

    389d939ee0561031b3d437377550de0aa2e31ebecca5bc6529fe3f5b1c2ce8a1

  • SHA512

    af8910e7a467c18d10c74ea06dcb60853dbf15bf59d6dec71157681083cc3e04083ed7ac7f0ac5c070e32a5f19267b9bceb7356b159833bf971e7ce51656e295

  • SSDEEP

    1536:2rdi1Ir77zOH98Wj2gpngh+a9g8ul8oPhEPmRl6VO/4B:2rfrzOH98ipgM8ul8uWP+l6VO/4B

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://vstbar.com/wp-admin/Hs/
    http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
    http://shahqutubuddin.org/U/
    http://cybersign-001-site5.gtempurl.com/2xwzq/bve/
    https://star-speed.vip/wp-admin/Ttv/
    https://treneg.com.br/rfvmbh/a/
    https://cimsjr.com/hospital/x2f/

Targets

    • Target

      876c076df2b5e1b6e83a14875b4352f6_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks