General
-
Target
ae0191256d01a82c549f0d9d8ac7eae7_JaffaCakes118
-
Size
216KB
-
Sample
240820-f22rhavfng
-
MD5
ae0191256d01a82c549f0d9d8ac7eae7
-
SHA1
bbd90d93a710a234417d006ec2055ac1b325e19d
-
SHA256
7aa7d38a55d5f7d01ee40a977a2df63d0cd4c938482a2fba3c73e1844405a0fc
-
SHA512
2b85d7e68bc8ba5e906e3b8423ef5ae4b9096e2f2bd73f08408b5819ac887a7d232fd6e3011f9ed9a37d3f77f26c275541c1c68a0c7fc62d45ed7b0806a9ea91
-
SSDEEP
1536:KB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9iRQ3n7fxdSoNRQ:K22TWTogk079THcpOu5UZ33zBR5gvfR
Behavioral task
behavioral1
Sample
ae0191256d01a82c549f0d9d8ac7eae7_JaffaCakes118.doc
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
ae0191256d01a82c549f0d9d8ac7eae7_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
ae0191256d01a82c549f0d9d8ac7eae7_JaffaCakes118
Score 10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-