General

  • Target

    1f4a448f535f2a3657dfef39beb4a662_JaffaCakes118

  • Size

    129KB

  • Sample

    240702-pea5ps1fpg

  • MD5

    1f4a448f535f2a3657dfef39beb4a662

  • SHA1

    3469b525c73b66fab130abceb11f23eb53723b88

  • SHA256

    0a8b0b423e864ae0c19cbe56b135d804b91516bb9b633d889c315c757bfd3930

  • SHA512

    5e2d670ce62bb21ca703a24daeaa67094d759ee514ccf5306ea1f0e8db08b7d5eb232a657cecfac8560c67c77cab16fe078e836b0a762f44ed7d73b61e0996a0

  • SSDEEP

    3072:Sk3hOdsylKlgxopeiBNhZFGzE+cL2kdAxc6YehWfGdtUHKGDbpmsii/+u6ssC06+:Sk3hOdsylKlgxopeiBNhZF+E+W2kdAxX

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://190.14.37.165/45475.5098122685.dat

xlm40.dropper

http://5.196.247.11/45475.5098122685.dat

xlm40.dropper

http://188.119.113.3/45475.5098122685.dat

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://190.14.37.165/45475.5098185185.dat

xlm40.dropper

http://5.196.247.11/45475.5098185185.dat

xlm40.dropper

http://188.119.113.3/45475.5098185185.dat

Targets

    • Target

      1f4a448f535f2a3657dfef39beb4a662_JaffaCakes118

    • Size

      129KB

    • MD5

      1f4a448f535f2a3657dfef39beb4a662

    • SHA1

      3469b525c73b66fab130abceb11f23eb53723b88

    • SHA256

      0a8b0b423e864ae0c19cbe56b135d804b91516bb9b633d889c315c757bfd3930

    • SHA512

      5e2d670ce62bb21ca703a24daeaa67094d759ee514ccf5306ea1f0e8db08b7d5eb232a657cecfac8560c67c77cab16fe078e836b0a762f44ed7d73b61e0996a0

    • SSDEEP

      3072:Sk3hOdsylKlgxopeiBNhZFGzE+cL2kdAxc6YehWfGdtUHKGDbpmsii/+u6ssC06+:Sk3hOdsylKlgxopeiBNhZF+E+W2kdAxX

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks