General

  • Target

    87ed83ae7da60b75a48c009e57b743ad_JaffaCakes118

  • Size

    229KB

  • Sample

    240531-w5df3shf33

  • MD5

    87ed83ae7da60b75a48c009e57b743ad

  • SHA1

    bd6c4e6bf159134cc39292a3556ff1c4dd977f11

  • SHA256

    642f6238f4c26f7e8829b4739309809c5b2ec80f58e0beb4df4cbfdfd8ebe42a

  • SHA512

    c9dac09074e222d888430a969b9c2850d36a2c0f04556293238e19dc98b392ec751076d5b8dd495e5a7b96984a8b9eced9055034311f4b2f81b126693e98df8a

  • SSDEEP

    3072:dj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkRIhoIwG/RwUn:dHgtEWPsL/aTyT9GkRIhjwG/Rf

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://speranza2000.com/wp-content/XnOLQdAmO/

    exe.dropper  https://mamelina.com/wp-content/Dx2adk65/

    exe.dropper  https://viralstyle.shop/jrfgw/LIQh0u72140141593/

    exe.dropper  https://site.inquima.com.br/plugins/fOT86n0a63050/

    exe.dropper  http://trainings.smartscape.eu/wp-admin/Ekybgo2d13356/

Targets

    • Target

      87ed83ae7da60b75a48c009e57b743ad_JaffaCakes118

    • Size

      229KB

    • MD5

      87ed83ae7da60b75a48c009e57b743ad

    • SHA1

      bd6c4e6bf159134cc39292a3556ff1c4dd977f11

    • SHA256

      642f6238f4c26f7e8829b4739309809c5b2ec80f58e0beb4df4cbfdfd8ebe42a

    • SHA512

      c9dac09074e222d888430a969b9c2850d36a2c0f04556293238e19dc98b392ec751076d5b8dd495e5a7b96984a8b9eced9055034311f4b2f81b126693e98df8a

    • SSDEEP

      3072:dj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkRIhoIwG/RwUn:dHgtEWPsL/aTyT9GkRIhjwG/Rf

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks