General

  • Target

    0bca9d9a4e10b794ac05375ebc19de86_JaffaCakes118

  • Size

    129KB

  • Sample

    240625-bvyn2stajd

  • MD5

    0bca9d9a4e10b794ac05375ebc19de86

  • SHA1

    43983f7c8b45057ec1d732586648f9ac515048f4

  • SHA256

    4cd16d4f199b5f619a377b3c260f8423a9e814cc680edad1505e4038fc38ddcc

  • SHA512

    9e1a3f4d842ea9c849dc7c345e29a6d760a6b4b48ab9d6efe7f8d2d694b7bf23431d57d97dbde18abe331d4565329f9cea6a1f6e4889c33ffa488a48da675d41

  • SSDEEP

    3072:Sk3hOdsylKlgxopeiBNhZFGzE+cL2kdAxc6YehWfGdtUHKGDbpmsii/+u6ssC06+:Sk3hOdsylKlgxopeiBNhZF+E+W2kdAxX

Score
10/10

Malware Config

  • Extracted

    Language: xlm4.0

    Source: xlm40.dropper

    URLs:

      http://190.14.37.165/45468.0615696759.dat
      http://5.196.247.11/45468.0615696759.dat
      http://188.119.113.3/45468.0615696759.dat

  • Extracted

    Language: xlm4.0

    Source: xlm40.dropper

    URLs:

      http://190.14.37.165/45468.0616016204.dat
      http://5.196.247.11/45468.0616016204.dat
      http://188.119.113.3/45468.0616016204.dat

Targets

    • Target

      0bca9d9a4e10b794ac05375ebc19de86_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks