General

  • Target

    0cae79da615d3e0dceee34811fded4b4_JaffaCakes118

  • Size

    265KB

  • Sample

    240625-fplvhs1hrb

  • MD5

    0cae79da615d3e0dceee34811fded4b4

  • SHA1

    364f326372d277a29ccc35468d6345a132c66a1f

  • SHA256

    273a1012cb84d3b0f712e41f8cd429eb78d8063bc931766cc41c0bc94d601a72

  • SHA512

    06c5331251819b2831826f03c4e8ba45f601767c153f34656b5a36d5e1286018d93a794e502c75ef171486d72d779351061ecea265a1b7eb4b23aba0e9dccfbe

  • SSDEEP

    6144:uACWZnoZd0dbagE8VaO+8X88dZATIPAAmK9APziw/qLwfP:dZZnSdGbaz6apw88dZf9rOixLa

Targets

    • Target

      Sharpshooter/SharpImplant

    • Size

      196KB

    • MD5

      2e17b048c7e317da9024a86d9439c74b

    • SHA1

      31e79093d452426247a56ca0eff860b0ecc86009

    • SHA256

      37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71

    • SHA512

      7ee51e53242e59f49d32d6344cbb2c9f2976c7787d00b63d2470c83ff3053b83c86b37b2870127934e60001ed39cb99f486e07a900d34e5a6ba8d240e233494b

    • SSDEEP

      3072:GNYWVPW/DjEl0UTilrvZTsGTDNZe2xCJtuKjL9XoL7uF55OjJ7kNT:yYKsvEOUTkjZ3TDNZecCJtuKjxOuFK

    • Score

      1/10

    • Target

      Sharpshooter/SharpShooter.doc

    • Size

      237KB

    • MD5

      fa27a81d0109653e67019f387bad2494

    • SHA1

      668b0df94c6d12ae86711ce24ce79dbe0ee2d463

    • SHA256

      f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11

    • SHA512

      ba3d871237b03537fdce3d3ebdf8a745122df054dce136ddcf9aca6af980b0fd8578053c05afada7dfefc54746e498cfa95587521c2b6367e3f4367eef9484d0

    • SSDEEP

      6144:kkvQ2xGsRIvLYBAx07dFwRgnNDkT6xz34XutIgD:3dGs4LY5fUa2Gxz34X

    • Score

      6/10

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Target

      Sharpshooter/SharpShooterImplant

    • Size

      155KB

    • MD5

      f3bd9e1c01f2145eb475a98c87f94a25

    • SHA1

      9b0f22e129c73ce4c21be4122182f6dcbc351c95

    • SHA256

      88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646

    • SHA512

      e441ed2effd935b9c7db3e7eb1cca7b25b320b4adb08e2d9cccb45037a184e210ccf779dd64ad18c590212057656775b2428b3ba1f41ccb5d765d25945aa6f63

    • SSDEEP

      3072:ANYWVPW/DjEl0UTilrvZTsGTDNZe2xCJtuKjL9X05DT7VF55OjJs+T:4YKsvEOUTkjZ3TDNZecCJtuKjxOVFd

    • Score

      1/10

    • Target

      Sharpshooter/SharpshooterDoc2.doc

    • Size

      237KB

    • MD5

      20594c33c2d59544a3e8ef5b7a547e71

    • SHA1

      66776c50bcc79bbcecdbe99960e6ee39c8a31181

    • SHA256

      876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03

    • SHA512

      612141f1c81627fa965c8f0bbd0cdd8c2d718947c3b9649188be292f203267255d14dc9ea009e9e2aa3dd3fd691707a173d9d8fefa25869fbfeb906f133bbfa3

    • SSDEEP

      6144:KkvQ2xGsRIvLYBAx07dFwRgnNDkT6xz34XutIgLx:ldGs4LY5fUa2Gxz34Xix

    • Score

      6/10

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Target

      Sharpshooter/Strategic%20Planning%20Manager.doc

    • Size

      236KB

    • MD5

      a82cdb9f5bffcb24708e66eb52cce2af

    • SHA1

      8106a30bd35526bded384627d8eebce15da35d17

    • SHA256

      4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264

    • SHA512

      4dad93296dc98e6c53f340640d519550daa82fe7d5eda3d34cdc5b3ebde7d183fb79f32c87709e6f52db917832826b80eabc33d8efc480e5fc6a018099c0a056

    • SSDEEP

      6144:TkvQ2xGsRIvLYBAx07dFwRgnNDkT6xz34XutIg+:gdGs4LY5fUa2Gxz34X1

    • Score

      6/10

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
