fc2c7c6f30ea17c4fb186e5ef2ad8d32c2019523bcf12502ef9c5e9fadee6c86 | Triage

Sharing

General

Target

9cab7cd817d7e40c017508d72919a6af_JaffaCakes118
Size

227KB
Sample

240611-chwvcszepd
MD5

9cab7cd817d7e40c017508d72919a6af
SHA1

2093eb22cbcc280af937cf1b86f26dbe37ff5b3e
SHA256

fc2c7c6f30ea17c4fb186e5ef2ad8d32c2019523bcf12502ef9c5e9fadee6c86
SHA512

564dd7f08efddf1b5112751fc1f7e32287711c03134b3005113b348cd024a6ba4a8f1592fc5820d453ee2daea13f4632556c36e5a90e77274337809a4ba7cf36
SSDEEP

6144:lk3hOdsylKlgxopeiBNhZF+E+W2kdAmzHw5FS8KDZY+k2cbCJPYT:EzQ5FSjVcCQT

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://jumper.rocks/wp-index.php

xlm40.dropper

https://jumper.yoga/wp-index.php

Targets

- Target
  
  9cab7cd817d7e40c017508d72919a6af_JaffaCakes118
- Size
  
  227KB
- MD5
  
  9cab7cd817d7e40c017508d72919a6af
- SHA1
  
  2093eb22cbcc280af937cf1b86f26dbe37ff5b3e
- SHA256
  
  fc2c7c6f30ea17c4fb186e5ef2ad8d32c2019523bcf12502ef9c5e9fadee6c86
- SHA512
  
  564dd7f08efddf1b5112751fc1f7e32287711c03134b3005113b348cd024a6ba4a8f1592fc5820d453ee2daea13f4632556c36e5a90e77274337809a4ba7cf36
- SSDEEP
  
  6144:lk3hOdsylKlgxopeiBNhZF+E+W2kdAmzHw5FS8KDZY+k2cbCJPYT:EzQ5FSjVcCQT
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2