General
-
Target
a73c5942f57e45f09f5a6e41642a261c_JaffaCakes118
-
Size
226KB
-
Sample
240614-ac1v1szhnl
-
MD5
a73c5942f57e45f09f5a6e41642a261c
-
SHA1
5f8a71f808fe44ccb0f1cee26fb38e7f1f8b4842
-
SHA256
55f488456a435fb0ae3a9500bfc03e6c486be9c6a37960c8e5766c7811f23ef4
-
SHA512
6f20469e8c1b9c63822fbfd17f4ece42cb82ac2bdeb0eed102b49616b246e4ef25593d2df6cee49b82a72e5175427cd1410cbd5178c302b639d44f1c43c0b3e7
-
SSDEEP
3072:9vYy0u8YGgjv+ZvchmkHcI/o1/Vb6//////////////////////////////////U:X0uXnWFchmmcI/o1/saMdGL0wJAAn
Behavioral task
behavioral1
Sample
a73c5942f57e45f09f5a6e41642a261c_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a73c5942f57e45f09f5a6e41642a261c_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
Targets
-
-
Target
a73c5942f57e45f09f5a6e41642a261c_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-