General
Target: 9d94eaa5971985fe0a370b6f70571fa4_JaffaCakes118
Size: 242KB
Sample: 240611-kkgr8a1aqh
MD5: 9d94eaa5971985fe0a370b6f70571fa4
SHA1: cd434cf4955a28ec5faf9779c63c58bdd0e4f521
SHA256: 3efda29907b74c348feb380198e81f82dfe13f13cf585d8738dc6a8d134ddafd
SHA512: 1af955a0c1f8036db48eb281fefdd007d1f0dc4900c6429ea453a6dfb4f133689214480e5eb6123d2d2cdcfc7f8c5d56f678750653196e0aef48a6b1d2ac6575
SSDEEP: 3072:XYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////D:Z0uXnWFchmmcI/o1/HqL

Behavioral task: behavioral1
Sample: 9d94eaa5971985fe0a370b6f70571fa4_JaffaCakes118.doc
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 9d94eaa5971985fe0a370b6f70571fa4_JaffaCakes118.doc
Resource: win10v2004-20240508-en

Malware Config
Extracted

Targets
Target: 9d94eaa5971985fe0a370b6f70571fa4_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Drops file in System32 directory