General

  • Target

    87ed8c4d0624cb54f5cc4892e8a2c8ce_JaffaCakes118

  • Size

    172KB

  • Sample

    240531-w5fw7sgg4v

  • MD5

    87ed8c4d0624cb54f5cc4892e8a2c8ce

  • SHA1

    978673706e2661270572b6fd310dee626b14bba4

  • SHA256

    4988159f7deee6fa12b723aa0158f06c3e3b77034a97827b39e69ffa5c2b8d16

  • SHA512

    484591b8ec28713713617d0960e71e33067738fdb16f9f045c0018a00abb52d3f5f1466633ac979e1b091a5e5ce13bdf489e77925ef6fec02925ef9c64e1490a

  • SSDEEP

    1536:erdi1Ir77zOH98Wj2gpngR+a9GtxO8nq78ct2PU7MXKSSxH5pcKaJnT7y2V:erfrzOH98ipgpkBT79

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
  • exe.dropper

    http://rhyton-building.com/wp-admin/Ey8qV0/
    http://ezzll.com/wp-includes/KIU2WU/
    http://tellmetech.com/wp-content/4ka/
    https://elmundodelareposteria.com/wp-admin/0PVVmJm/
    https://manuelrozas.cl/assets/XWN/
    https://haritdharni.com/wp-admin/bZM/
    https://theworks-group.com/site/pQT6j5/

Targets

    • Target

      87ed8c4d0624cb54f5cc4892e8a2c8ce_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
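Added here as a worked example, not code from the sandbox report or from the sample itself: the seven exe.dropper URLs above turned into host IOCs and defanged for sharing, and the three behavioural signatures above expressed as checks over Sysmon-style ProcessCreate (EventID 1), NetworkConnect (EventID 3) and FileCreate (EventID 11) records. The Sysmon field names, the Office parent set, the blocklisted interpreter set and every event record are assumptions or constructed data; the report does not name the parent process or the dropped file, so those are placeholders.

```python
"""IOC handling and detection checks for the report's extracted config and
behavioural signatures. Constructed example; nothing below is output from the
sandbox or from the sample. Field names assume Sysmon's naming."""
from urllib.parse import urlsplit

# The seven exe.dropper URLs from the report's Malware Config.
DROPPER_URLS = [
    "http://rhyton-building.com/wp-admin/Ey8qV0/",
    "http://ezzll.com/wp-includes/KIU2WU/",
    "http://tellmetech.com/wp-content/4ka/",
    "https://elmundodelareposteria.com/wp-admin/0PVVmJm/",
    "https://manuelrozas.cl/assets/XWN/",
    "https://haritdharni.com/wp-admin/bZM/",
    "https://theworks-group.com/site/pQT6j5/",
]

# Assumption: the "unexpected child" signature is modelled as an Office
# application spawning a script interpreter or LOLBin. The report itself
# does not name the parent process.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BLOCKLISTED = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
               "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def ioc_hosts(urls):
    """Hostnames to watch for, lower-cased, from a list of dropper URLs."""
    return {urlsplit(u).hostname.lower() for u in urls}


def defang(url):
    """Render a URL safe to paste into a ticket or chat (hxxp, [.])."""
    p = urlsplit(url)
    host = p.hostname.replace(".", "[.]")
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}{query}"


def image_name(path):
    """Executable file name from a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def check_process_create(ev):
    """Signature 1: Office parent spawning an interpreter/LOLBin child."""
    parent, child = image_name(ev["ParentImage"]), image_name(ev["Image"])
    if parent in OFFICE_PARENTS and child in BLOCKLISTED:
        return f"Process spawned unexpected child process: {parent} -> {child}"
    return None


def check_network_connect(ev, hosts):
    """Signature 2: blocklisted process reaching one of the dropper hosts."""
    image = image_name(ev["Image"])
    dest = ev.get("DestinationHostname", "").lower()
    if image in BLOCKLISTED and dest in hosts:
        return f"Blocklisted process makes network request: {image} -> {dest}"
    return None


def check_file_create(ev):
    """Signature 3: blocklisted process writing under System32."""
    target = ev["TargetFilename"].lower()
    image = image_name(ev["Image"])
    if "\\windows\\system32\\" in target and image in BLOCKLISTED:
        return f"Drops file in System32 directory: {image} -> {ev['TargetFilename']}"
    return None


def scan(events, urls=DROPPER_URLS):
    """Run the three checks over Sysmon-style events; return the hit strings."""
    hosts = ioc_hosts(urls)
    dispatch = {1: check_process_create,
                3: lambda e: check_network_connect(e, hosts),
                11: check_file_create}
    hits = []
    for ev in events:
        check = dispatch.get(ev["EventID"])
        result = check(ev) if check else None
        if result:
            hits.append(result)
    return hits


# Constructed sample events (not from the sandbox run); the dropped file name
# is a placeholder, since the report does not record it.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"EventID": 3,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "rhyton-building.com", "DestinationPort": 80},
    {"EventID": 11,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Windows\System32\dropped.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},            # benign
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},  # benign
]

if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Note on the IOCs: six of the seven paths sit under wp-admin, wp-includes or wp-content directories, which is consistent with compromised WordPress installs rather than attacker-registered domains, so host-level blocking can hit an otherwise legitimate site. When feeding these into proxy or DNS controls, prefer matching the full path (or at least the random directory name) and treat the host match above as a hunting pivot rather than a block rule.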

MITRE ATT&CK Enterprise v15

Tasks