General
Target: a9ea44d6cfa681a90964c8631dd476d2_JaffaCakes118
Size: 234KB
Sample: 240614-qqv5pasemh
MD5: a9ea44d6cfa681a90964c8631dd476d2
SHA1: 2cb9b81a6c82ee8e4ec85186051fc2bbd80dbf4a
SHA256: 2d51558b5419099144970c2792caf962490237f9f74ebc0f5c61d2f47d5419e8
SHA512: b561493766d0466bf8f128f3a5adff036fa6ed850b278af2801ffe018e43df718a3ed359acb13d111996f8d32b915c9e0877b7a3b49c60a9700fabb2ee6f696d
SSDEEP: 3072:xj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkDSUXLwsPzr:xHgtEWPsL/aTyT9GkDSU7wsH
Behavioral task: behavioral1
Sample: a9ea44d6cfa681a90964c8631dd476d2_JaffaCakes118.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: a9ea44d6cfa681a90964c8631dd476d2_JaffaCakes118.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted
http://identisoft.pt/istore/uyg0iy068972/
http://digitalumesh.tech/cgi-bin/mUl/
http://cidadehoje.pt/wp-includes/mDobpkdtbyht707/
http://conferenceroom.ge/wp-content/kEUjjuivo101725/
http://www.xindisk.com/w48o/TZJS/
Targets
Target: a9ea44d6cfa681a90964c8631dd476d2_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory