c95d7e6efb2ec61100dba574e1a359927e9726efdad76b4c809b93ef12a06f73 | Triage

Sharing

General

Target

b9b0bfe962149e50c52b24cec1275534_JaffaCakes118
Size

217KB
Sample

240617-yebwnswakr
MD5

b9b0bfe962149e50c52b24cec1275534
SHA1

c7b3026099820fd57e7ca7c74944ac22d39e4054
SHA256

c95d7e6efb2ec61100dba574e1a359927e9726efdad76b4c809b93ef12a06f73
SHA512

702a55479507ef63758ee61b132e0cb913188913cf2bbdba20c41fdd967412ec54de83de4983540a9d7a2e58990d73d2496a4a5eac5e0fbc9b5943ec32f11a6b
SSDEEP

3072:SinJXfT7nasKiNKDzaJFUKc0UTE7yZRUV7RJeOzi80:5JXr7nbpEDzYUTE7yZRVUi80

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://mimiabner.com/22D_ZGrV5aY_AvvRf

exe.dropper

http://nt-group.kz/86Rzn_wmF7RyQ7F

exe.dropper

http://hartarizkigraha.co.id/wp-admin/JF0bdEb_lnQt6dKQ

exe.dropper

http://tasmatbaa.com/1MXeJC9_KSsQ7B

exe.dropper

http://trend-studio.art/k6jaCgS_Ukfd_apNei38I6

Targets

- Target
  
  b9b0bfe962149e50c52b24cec1275534_JaffaCakes118
- Size
  
  217KB
- MD5
  
  b9b0bfe962149e50c52b24cec1275534
- SHA1
  
  c7b3026099820fd57e7ca7c74944ac22d39e4054
- SHA256
  
  c95d7e6efb2ec61100dba574e1a359927e9726efdad76b4c809b93ef12a06f73
- SHA512
  
  702a55479507ef63758ee61b132e0cb913188913cf2bbdba20c41fdd967412ec54de83de4983540a9d7a2e58990d73d2496a4a5eac5e0fbc9b5943ec32f11a6b
- SSDEEP
  
  3072:SinJXfT7nasKiNKDzaJFUKc0UTE7yZRUV7RJeOzi80:5JXr7nbpEDzYUTE7yZRVUi80
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2