General
-
Target
c164a231c90b0862a43d7ff543fd5e39_JaffaCakes118
-
Size
153KB
-
Sample
240825-xt65pa1gll
-
MD5
c164a231c90b0862a43d7ff543fd5e39
-
SHA1
48d2cd5e0c862561222dd9c11e3a546840a716af
-
SHA256
18964eb4976bd132088ce83e758dec1aa96db6da0cc8a51504e4c8fa7f2832f1
-
SHA512
41df3063e0340edfd4deaf80d93852af1d0d3345dff0d22e7bec649e2b631249f7d2948f9e909deef4d3d4c854b2a73bbfa9234f09ff5c0306bbd0be15c66568
-
SSDEEP
1536:CJ0ZsWTJ0ZsWirdi1Ir77zOH98Wj2gpngR+a92Q54LW0Ua:5rfrzOH98ipga+qDUa
Behavioral task
behavioral1
Sample
c164a231c90b0862a43d7ff543fd5e39_JaffaCakes118.doc
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c164a231c90b0862a43d7ff543fd5e39_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
c164a231c90b0862a43d7ff543fd5e39_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-