General

  • Target

    87c8bc3bb187f4417dbd56454ab47d1c_JaffaCakes118

  • Size

    215KB

  • Sample

    240531-v7raaafd7z

  • MD5

    87c8bc3bb187f4417dbd56454ab47d1c

  • SHA1

    9575c8f8c131aee6fa039cb423195504c4fbbe82

  • SHA256

    dc22d99fa3a69c87670c71cbc507b1653370e7aaf7a476244463a2ce20770f05

  • SHA512

    4c6c4e1b8c4a45c708fcc74e9b2ee11c91912eee726473b5f5c4bd9c2a27ba9a6349f05f177d04bdb4857b91ecb26141472fdf14d8dd0412b694f832e4251dac

  • SSDEEP

    1536:2B445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ55+a9skLShGkVAelnX4:222TWTogk079THcpOu5UZTWhGMlnIz

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://dongyabingfu.com/wp-includes/w/
    http://givingthanksdaily.com/Q/
    http://uniteddatabase.net/wp-admin/dhJ/
    http://www.gozowindmill.com/meteo/nmy/
    http://kcdryervents.com/ca/D/
    http://www.greaudstudio.com/docs/kGQ/
    https://mrveggy.com/erros/3Ss/

Targets

    • Target

      87c8bc3bb187f4417dbd56454ab47d1c_JaffaCakes118

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
