General

  • Target

    8cf2b7cce1627f7bd2ad82acd28e7a8b_JaffaCakes118

  • Size

    471KB

  • Sample

    240602-fk53lacd38

  • MD5

    8cf2b7cce1627f7bd2ad82acd28e7a8b

  • SHA1

    aec23aa55dcbddc448feeae60151eb779543462f

  • SHA256

    5f27f1b36393f4bb01d4367b2dad234ac11a033ec6a48e2b50975507ceab8027

  • SHA512

    102b7f2b951216c4a1c37881bc4c6344090b016cfb2097067120c07bbabfa3623a02eac3425fac7e1e3bfb774c018b9f6b5244b50f24a4212f6042ef0a5e95f2

  • SSDEEP

    6144:BuQUQNrSA3hifBq7JwMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvVAJTj:BzUvA3hfw8SVIf51E4K14o8IuJ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (each of type exe.dropper)

    http://shashlichnydom.ru/NbEDRSsyiy_Rl2
    http://wolf.camera/jkeU0iK6Mf8v_dy0Ad
    http://www.marekvoprsal.cz/s1yTiin0l_AUP
    http://www.eufacopublicidade.com.br/ULxnLcrzzz4E
    http://londonmarathon2019.kevinmiller66.co.uk/9bT6FbyqID9O9B

Targets

    • Target

      8cf2b7cce1627f7bd2ad82acd28e7a8b_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
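The three signatures above describe behaviours that a detection pipeline can check for directly: an Office-style parent spawning a scripting host, a blocklisted process reaching out to the network, and a file written under System32. The Python below is an added example, not part of the Triage report or code from the sample: it runs those checks over a few constructed Sysmon-style events (made up here, not sandbox output) and uses the exe.dropper hosts from the extracted malware config as network indicators. The parent/child process sets and the blocklist are assumptions chosen for illustration, not a Triage signature definition.

```python
"""Detection checks mirroring the three sandbox signatures, run over
constructed Sysmon-style events. Added example; the event records are
made up for illustration and are not output from the report."""

from urllib.parse import urlparse

# exe.dropper URLs from the extracted malware config (taken from the report)
DROPPER_URLS = [
    "http://shashlichnydom.ru/NbEDRSsyiy_Rl2",
    "http://wolf.camera/jkeU0iK6Mf8v_dy0Ad",
    "http://www.marekvoprsal.cz/s1yTiin0l_AUP",
    "http://www.eufacopublicidade.com.br/ULxnLcrzzz4E",
    "http://londonmarathon2019.kevinmiller66.co.uk/9bT6FbyqID9O9B",
]
DROPPER_HOSTS = {urlparse(u).hostname.lower() for u in DROPPER_URLS}

# Assumption: parents that should not normally spawn a shell or script host
# (this mirrors the "compromised via an exploit or macro" note above).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
UNEXPECTED_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumption: processes that should not be initiating downloads.
BLOCKLISTED_NET = {"powershell.exe", "mshta.exe", "wscript.exe",
                   "cscript.exe", "regsvr32.exe"}


def basename(path):
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process_create(ev):
    """Signature 1: an Office process spawned an unexpected child."""
    parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
    if parent in OFFICE_PARENTS and child in UNEXPECTED_CHILDREN:
        return f"unexpected child: {parent} -> {child}"
    return None


def check_network(ev):
    """Signature 2: a blocklisted process made a network request.
    Also flags any contact with a known exe.dropper host."""
    proc = basename(ev["Image"])
    host = ev.get("DestinationHostname", "").lower()
    hits = []
    if proc in BLOCKLISTED_NET:
        hits.append(f"blocklisted process network request: {proc} -> {host}")
    if host in DROPPER_HOSTS:
        hits.append(f"known exe.dropper host contacted: {host}")
    return hits


def check_file_create(ev):
    """Signature 3: a file was dropped into the System32 directory."""
    target = ev["TargetFilename"].replace("/", "\\").lower()
    if "\\windows\\system32\\" in target:
        return f"file dropped in System32: {ev['TargetFilename']}"
    return None


def evaluate(events):
    """Run every check over a list of events and collect the alert strings."""
    alerts = []
    for ev in events:
        kind = ev["Event"]
        if kind == "NetworkConnect":
            alerts.extend(check_network(ev))
            continue
        if kind == "ProcessCreate":
            hit = check_process_create(ev)
        elif kind == "FileCreate":
            hit = check_file_create(ev)
        else:
            hit = None
        if hit:
            alerts.append(hit)
    return alerts


# Constructed sample events (Sysmon-style field names; not from the report).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Event": "ProcessCreate", "Image": PS,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell -w hidden -nop"},
    {"Event": "NetworkConnect", "Image": PS,
     "DestinationHostname": "wolf.camera", "DestinationPort": 80},
    {"Event": "FileCreate", "Image": PS,
     "TargetFilename": r"C:\Windows\System32\123.exe"},
    {"Event": "ProcessCreate", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad"},
    {"Event": "NetworkConnect", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.org", "DestinationPort": 443},
]

if __name__ == "__main__":
    for line in evaluate(SAMPLE_EVENTS):
        print(line)
```

Matching on DROPPER_HOSTS rather than the full URLs is deliberate: the path segments in such droppers are typically per-campaign and change, while the compromised hosts are reused across samples, so host-level matching is the more durable indicator. The benign explorer and Firefox events are included to show that the checks do not fire on ordinary activity.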

MITRE ATT&CK Enterprise v15
