General

  • Target

    c2fe94c0a4b41acf21580425c9d6da5d_JaffaCakes118

  • Size

    35KB

  • Sample

    240826-pm1qbsvdrk

  • MD5

    c2fe94c0a4b41acf21580425c9d6da5d

  • SHA1

    697b4675ef06283e5ce12ae52f123e76a5343b4e

  • SHA256

    769ab14597f0fc0fe701ff9caf7e2de93638928c6081dbd5612c2e130e416fd1

  • SHA512

    9250a0bf0fa757047500db398a769894dc9b7ef640646ab60d0f019355d3cd8ece750a02b936abf3dbb2e335d090e74b7e19e7fa291aaee2ca5d2fc74046ca5f

  • SSDEEP

    768:XdvxHlcaQPy0iWYOcG4BDhnxD7oOE0ek3hOdsylKlgryzc4bNhZFGzE+cL2knAJj:XdvxHlcaQPy0iWYOcG4BDhnxD7oOEdkG

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 macro sheet)

  • Source / URL

    xlm40.dropper  https://alliedschoolmureedwala.com/server.php
    xlm40.dropper  http://www.galerija-robin.si/server.php

Targets

    • Target

      c2fe94c0a4b41acf21580425c9d6da5d_JaffaCakes118

    • Size

      35KB

    • MD5

      c2fe94c0a4b41acf21580425c9d6da5d

    • SHA1

      697b4675ef06283e5ce12ae52f123e76a5343b4e

    • SHA256

      769ab14597f0fc0fe701ff9caf7e2de93638928c6081dbd5612c2e130e416fd1

    • SHA512

      9250a0bf0fa757047500db398a769894dc9b7ef640646ab60d0f019355d3cd8ece750a02b936abf3dbb2e335d090e74b7e19e7fa291aaee2ca5d2fc74046ca5f

    • SSDEEP

      768:XdvxHlcaQPy0iWYOcG4BDhnxD7oOE0ek3hOdsylKlgryzc4bNhZFGzE+cL2knAJj:XdvxHlcaQPy0iWYOcG4BDhnxD7oOEdkG

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself
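The two observables above that a defender can act on are the xlm40.dropper URLs in the extracted config and the "Process spawned unexpected child process" signature. The block below is an added example, not the sandbox's own detection logic or anything recovered from the sample: it turns the report's URLs into a proxy-log match and encodes the Office parent/child rule over constructed process events. The event field layout (parent_image, image, command_line) mirrors Sysmon Event ID 1 but is an assumption, the allowlist of expected Office children is the author's choice, and every log line and event is constructed for illustration.

```python
"""Turn this report's observables into two detection checks.

Added example, not part of the sandbox report or its tooling. The process
events and proxy log lines are constructed; the ProcEvent field layout is an
assumption that mirrors Sysmon Event ID 1, not a real log export.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children Office launches in normal use (print spooler proxy, crash reporter).
# Assumed allowlist; tune it to what your fleet actually shows.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}
# Script hosts and LOLBins a macro dropper commonly hands off to.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}
# xlm40.dropper URLs from the extracted config in this report.
DROPPER_URLS = [
    "https://alliedschoolmureedwala.com/server.php",
    "http://www.galerija-robin.si/server.php",
]


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Case-folded file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify_process(ev: ProcEvent):
    """Flag an Office parent spawning a child outside its expected set.

    Returns None for benign events, otherwise a dict describing the alert.
    Severity is raised when the child is a known script host or LOLBin."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
        return None
    return {
        "rule": "office_unexpected_child",
        "severity": "high" if child in HIGH_RISK_CHILDREN else "medium",
        "parent": parent,
        "child": child,
        "command_line": ev.command_line,
    }


def dropper_hosts() -> set:
    """Hostnames of the report's dropper URLs, for a quick DNS/proxy sweep."""
    return {urlsplit(u).hostname.lower() for u in DROPPER_URLS}


def match_proxy_line(line: str):
    """Match a constructed 'timestamp client host path' proxy line.

    Matches on host AND path so an unrelated page on a shared host does not fire."""
    ts, client, host, path = line.split()
    for url in DROPPER_URLS:
        parts = urlsplit(url)
        if host.lower() == parts.hostname and path == parts.path:
            return {"rule": "xlm40_dropper_url", "client": client, "url": url, "time": ts}
    return None


def defang(url: str) -> str:
    """Render a URL non-clickable for tickets: hxxp scheme, [.] in the host only."""
    parts = urlsplit(url)
    scheme = "hxxps" if parts.scheme == "https" else "hxxp"
    return f"{scheme}://{parts.hostname.replace('.', '[.]')}{parts.path}"


# Constructed sample data (not from the sandbox run).
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r'"EXCEL.EXE" C:\Users\user\Downloads\invoice.xls'),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),        # expected
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c start "" C:\Users\user\AppData\Local\Temp\stage.exe'),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\System32\notepad.exe", "notepad.exe"),      # odd, not a LOLBin
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\ping.exe", "ping 127.0.0.1"),      # parent not Office
]
SAMPLE_PROXY = [
    "2024-08-26T10:02:11Z 10.0.0.5 alliedschoolmureedwala.com /server.php",
    "2024-08-26T10:02:30Z 10.0.0.7 www.galerija-robin.si /index.html",
    "2024-08-26T10:03:02Z 10.0.0.5 example.com /server.php",
]


def run_all():
    """Run both checks over the constructed samples; returns (process alerts, proxy hits)."""
    alerts = [a for a in map(classify_process, SAMPLE_EVENTS) if a]
    hits = [h for h in map(match_proxy_line, SAMPLE_PROXY) if h]
    return alerts, hits


if __name__ == "__main__":
    alerts, hits = run_all()
    for a in alerts:
        print(f"[{a['severity']}] {a['parent']} -> {a['child']}: {a['command_line']}")
    for h in hits:
        print(f"[ioc] {h['client']} fetched {defang(h['url'])} at {h['time']}")
```

The parent/child rule deliberately alerts on any non-allowlisted child, not only the script hosts, because an XLM dropper can launch whatever the macro author chose; the severity split keeps the common cases (cmd.exe, rundll32.exe) at the top of the queue. The proxy match requires host plus path so that legitimate traffic to the compromised sites' other pages does not page anyone.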

MITRE ATT&CK Enterprise v15

Tasks