General
Target: a75da0fc938b6d09f556e2d98a52d8d2_JaffaCakes118
Size: 170KB
Sample: 240818-twrk8ssdre
MD5: a75da0fc938b6d09f556e2d98a52d8d2
SHA1: e723c7de3cb4162fe2f54b83a7ba259b51626a27
SHA256: 10fe3df8f6540696c8eaf649bc752e30d5533b0203869ec0839cf045227620ba
SHA512: 63f2c71bea271eb909d8312275df167e105643f8e53b6386115adbcb41546ac46ffd3b638a1e4976c9d27e219ef4ffc155033d2e9f98c260c0d05ed54f8ce8d7
SSDEEP: 1536:sB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5Z+a9gWvrCv3Pt6D8N:s22TWTogk079THcpOu5UZTvw3Pt6D8N
Static task: static1
Behavioral task: behavioral1
Sample: a75da0fc938b6d09f556e2d98a52d8d2_JaffaCakes118.doc
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: a75da0fc938b6d09f556e2d98a52d8d2_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: a75da0fc938b6d09f556e2d98a52d8d2_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory