General

  • Target

    87b25b3e4bce5753970f2cc9905c6946_JaffaCakes118

  • Size

    156KB

  • Sample

    240531-vev3rsee7y

  • MD5

    87b25b3e4bce5753970f2cc9905c6946

  • SHA1

    fe03e8215c7dd1461fcafa10885b12a950a7b5dc

  • SHA256

    8e4a311d2368b3ef3374691d891e860542fbcd33a8c5df81d9264762449a41a5

  • SHA512

    3448345d893502556c7fb26c198421278eb6b5038ac6b625c5acdd72591a1eaed30df6b5011dd905d31f4aef85a0c84e74c951ca27b39b67c42bad7ab368a07b

  • SSDEEP

    3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qACyMPpYdWt4dbXExZ843:a77HUUUUUUUUUUUUUUUUUUUT52VKyMPx

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (type: exe.dropper)

    http://infokamp.com/edmatvu/XcvhTJMoveELDQSwTUGIwp/
    http://aaitrader.com/wp-includes/TdWfQOsyteJAaXt/
    http://hoststore.ro/wp-includes/iIyDhkZnoKGa/
    https://fepa18.org/wp-admin/vZJPXdJUKbsQoR/
    https://ioszm.com/wp-content/VKvRtbEjecrTUWtZwLJPTASMB/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
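
The extracted dropper URLs and the signatures above can be turned into a small hunting check: flag an Office process that spawns a script host, then flag network connections made by that child or by any process to one of the dropper hosts. The Python below is an added example written for this page, not output of the sandbox and not code from the analysed sample. The process and network event shapes, the Office-parent and script-child lists, and the sample events are constructed assumptions; only the five URLs are taken from the report's Malware Config.

```python
"""Correlate constructed endpoint telemetry with the dropper URLs from the report.

Added example; not part of the sandbox report. Event classes, the parent/child
image lists and the sample events below are constructed, not from the sample.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import urlsplit, urlunsplit

# The five exe.dropper URLs listed in the report's Malware Config section.
DROPPER_URLS = [
    "http://infokamp.com/edmatvu/XcvhTJMoveELDQSwTUGIwp/",
    "http://aaitrader.com/wp-includes/TdWfQOsyteJAaXt/",
    "http://hoststore.ro/wp-includes/iIyDhkZnoKGa/",
    "https://fepa18.org/wp-admin/vZJPXdJUKbsQoR/",
    "https://ioszm.com/wp-content/VKvRtbEjecrTUWtZwLJPTASMB/",
]

# Assumed lists: Office hosts that should not spawn script interpreters / LOLBins.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass(frozen=True)
class ProcessCreate:      # constructed shape, modelled on a process-creation event
    pid: int
    image: str            # full path of the new process
    parent_image: str     # full path of the parent process


@dataclass(frozen=True)
class NetworkConnect:     # constructed shape, modelled on a network-connect event
    pid: int
    image: str
    dest_host: str


def dropper_hosts(urls: Iterable[str]) -> set[str]:
    """Hostnames to block or hunt for, derived from the extracted URLs."""
    return {urlsplit(u).hostname.lower() for u in urls}


def defang(url: str) -> str:
    """Render an indicator so it cannot be clicked or auto-fetched (http -> hxxp, . -> [.])."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.replace("http", "hxxp"),
                       p.netloc.replace(".", "[.]"), p.path, p.query, p.fragment))


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def unexpected_children(events: Iterable[ProcessCreate]) -> list[ProcessCreate]:
    """Signature 'Process spawned unexpected child process': Office -> script host."""
    return [e for e in events
            if _basename(e.parent_image) in OFFICE_PARENTS
            and _basename(e.image) in SCRIPT_CHILDREN]


def suspicious_network(procs: Iterable[ProcessCreate], nets: Iterable[NetworkConnect],
                       hosts: set[str]) -> list[NetworkConnect]:
    """Signature 'Blocklisted process makes network request': a flagged child talking
    out, or any process reaching one of the extracted dropper hosts."""
    flagged = {e.pid for e in unexpected_children(procs)}
    return [n for n in nets if n.pid in flagged or n.dest_host.lower() in hosts]


# Constructed sample telemetry: one benign Word launch, one Word -> PowerShell chain,
# one admin PowerShell, and a browser visiting a dropper host.
SAMPLE_PROCS = [
    ProcessCreate(1000, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                  r"C:\Windows\explorer.exe"),
    ProcessCreate(2000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcessCreate(3000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  r"C:\Windows\explorer.exe"),
]
SAMPLE_NETS = [
    NetworkConnect(2000, "powershell.exe", "infokamp.com"),
    NetworkConnect(3000, "powershell.exe", "www.powershellgallery.com"),
    NetworkConnect(4000, "msedge.exe", "hoststore.ro"),
]


def run_example() -> tuple[list[ProcessCreate], list[NetworkConnect]]:
    """Run both checks over the constructed sample; returns (children, network hits)."""
    children = unexpected_children(SAMPLE_PROCS)
    nets = suspicious_network(SAMPLE_PROCS, SAMPLE_NETS, dropper_hosts(DROPPER_URLS))
    return children, nets


if __name__ == "__main__":
    for url in DROPPER_URLS:
        print("IOC:", defang(url))
    children, nets = run_example()
    for c in children:
        print(f"unexpected child pid={c.pid} {_basename(c.parent_image)} -> {_basename(c.image)}")
    for n in nets:
        print(f"suspicious connection pid={n.pid} {n.image} -> {n.dest_host}")
```

Only the two PowerShell instances differ by parent, so the admin-launched one (pid 3000) stays quiet while the Word-spawned one (pid 2000) is flagged before it ever reaches a dropper host; the browser hit on hoststore.ro is caught by the host list alone.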

MITRE ATT&CK Enterprise v15