Overview

overview

8

Static

static

8

Sharpshoot...nt.exe

windows7-x64

1

Sharpshoot...nt.exe

windows10-2004-x64

1

Sharpshoot...er.doc

windows7-x64

6

Sharpshoot...er.doc

windows10-2004-x64

1

Sharpshoot...nt.exe

windows7-x64

1

Sharpshoot...nt.exe

windows10-2004-x64

1

Sharpshoot...c2.doc

windows7-x64

6

Sharpshoot...c2.doc

windows10-2004-x64

1

Sharpshoot...er.doc

windows7-x64

6

Sharpshoot...er.doc

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    0cae79da615d3e0dceee34811fded4b4_JaffaCakes118

  • Size

    265KB

  • MD5

    0cae79da615d3e0dceee34811fded4b4

  • SHA1

    364f326372d277a29ccc35468d6345a132c66a1f

  • SHA256

    273a1012cb84d3b0f712e41f8cd429eb78d8063bc931766cc41c0bc94d601a72

  • SHA512

    06c5331251819b2831826f03c4e8ba45f601767c153f34656b5a36d5e1286018d93a794e502c75ef171486d72d779351061ecea265a1b7eb4b23aba0e9dccfbe

  • SSDEEP

    6144:uACWZnoZd0dbagE8VaO+8X88dZATIPAAmK9APziw/qLwfP:dZZnSdGbaz6apw88dZf9rOixLa

Score
8/10
macromacro_on_action

Malware Config

Signatures

  • Office macro that triggers on suspicious action 3 IoCs

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 0cae79da615d3e0dceee34811fded4b4_JaffaCakes118
    .7z
  • Sharpshooter/SharpImplant
    .exe windows:5 windows x64 arch:x64

    259bfc7abe226cd6214a32f712fddb5e


    Headers

    Imports

    Sections

  • Sharpshooter/SharpShooter.doc
    .doc windows office2003
  • Sharpshooter/SharpShooterImplant
    .exe windows:5 windows x64 arch:x64

    259bfc7abe226cd6214a32f712fddb5e


    Headers

    Imports

    Sections

  • Sharpshooter/SharpshooterDoc2.doc
    .doc windows office2003
  • Sharpshooter/Strategic%20Planning%20Manager.doc
    .doc windows office2003