General
Target: b7a64d511a9cca3ce321f91af02cafe8_JaffaCakes118
Size: 175KB
Sample: 240822-pqpr8sxbnb
MD5: b7a64d511a9cca3ce321f91af02cafe8
SHA1: 0825f7d591deeec9985ea2723977ade827425f57
SHA256: e3dc51bc9f8c677f14405f021c1a9ff9a3e99868fc68cc55320fd4234789fc83
SHA512: 11db5cca714f49abe385c354beacab96adea4328c95ebb00ee3fd5696d7835a76f127c60e764b9dc7bbd1f1fde522a6f7335689ec148219cdc9e95dee98729cd
SSDEEP: 3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hT7Q8eK8:UBtgVIveNZvnv88x8
Static task: static1
Behavioral task: behavioral1
Sample: b7a64d511a9cca3ce321f91af02cafe8_JaffaCakes118.doc
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: b7a64d511a9cca3ce321f91af02cafe8_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target
b7a64d511a9cca3ce321f91af02cafe8_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory