General

  • Target

    87a4a187092e93924e81f8d2bc94a237_JaffaCakes118

  • Size

    180KB

  • Sample

    240531-t2kpwaeb2z

  • MD5

    87a4a187092e93924e81f8d2bc94a237

  • SHA1

    f980b91b7dd0ac409099b17c05affa2f2072edd7

  • SHA256

    b58b532ed578092ac8a863ccb0eca5ca78a76c32aaa672f253524fdad31ca12c

  • SHA512

    eaadd4273751a752761d7d22158d58ef76b7710df5015ef6c1a726ac5f846b9fb06862f1f0d55bd3057d70dc6f3df1ec0804d0fa8e0cb7ffc2aea722492b91fb

  • SSDEEP

    1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9DSGIRK9b/WYjd2LO6h/QC27TWvo:crfrzOH98ipgrSGYK9TngLOm27TWvo

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    http://sasystemsuk.com/index_files/j9b/

    https://case.gonukkad.com/sys-cache/fmC/

    http://vandamebuilders.com/wp-includes/OEyjc9x/

    https://nilinkeji.com/online/Dmz/

    http://paganwitch.com/wp-admin/CmubpSk/

    http://www.ekramco.ir/english/fn/

    http://votesteve.us/closed_zone/Bk/

Targets

    • Target

      87a4a187092e93924e81f8d2bc94a237_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks