General
Target: 969793d6e2eaec03f204154d88cb4f49_JaffaCakes118
Size: 166KB
Sample: 240814-sg5nwatejl
MD5: 969793d6e2eaec03f204154d88cb4f49
SHA1: bf6a1029b1898730200a5baad7946f767aeb85d9
SHA256: f937aa80619d0e37226ade07e800da5677a6749ba0b0bc4427fc620e9b8d98b2
SHA512: f69c8b49468e382beca1d67eeb85537b531920b45132f9a1372a41dad79e630d10209bf014a50cedfa9dafd86655cf168d7a185dd176cc9bd8681c8eabdbec0e
SSDEEP: 1536:pARD3bNqfNpu39IId5a6XP3Mg8afmqzdotKdz/Rek6Ef3Ei9WEvOE:OR1qf69xak3MgxmRKl/R89i9WAOE
Static task: static1
Behavioral task: behavioral1
Sample: 969793d6e2eaec03f204154d88cb4f49_JaffaCakes118.doc
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 969793d6e2eaec03f204154d88cb4f49_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: 969793d6e2eaec03f204154d88cb4f49_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory