7af935b7cd7ddc1383ca817ba41f0784340459331754fcdfa4348fc2a2fe7813 | Triage

Sharing

General

Target

c918f47fda0745fedaca86195397ace0_JaffaCakes118
Size

248KB
Sample

240829-sv1xva1arn
MD5

c918f47fda0745fedaca86195397ace0
SHA1

90367cd9c7d83d6028e0125123541a138c5a82d6
SHA256

7af935b7cd7ddc1383ca817ba41f0784340459331754fcdfa4348fc2a2fe7813
SHA512

894663307c2bc59f31ac3fd5ae6934971dd8b7beebbbcb18de5d020ad43309baf8a1012662c33b195dc1bd3bfcaae45a87e5b5ef396cb58d0e56f0956fb781ac
SSDEEP

3072:BO4ZAi7XnrA+Tj7/tKXYAO+aqjL/xSu90OoiLuDKZXfwKeljR17:BOCA83rA+Tj7lKYMa4xUOmD+XfwLH

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://ttobus.com/ZtzZFiHGL_r

exe.dropper

http://bilanacc.com/P7BuwLoQsTjP0hBVF

exe.dropper

http://gclubfan.com/ahjpTwNsvu2X_Q7h

exe.dropper

http://katariahospital.com/tquLevYG

exe.dropper

http://pjfittedkitchens.com/uerfWET_jrbze

Targets

- Target
  
  c918f47fda0745fedaca86195397ace0_JaffaCakes118
- Size
  
  248KB
- MD5
  
  c918f47fda0745fedaca86195397ace0
- SHA1
  
  90367cd9c7d83d6028e0125123541a138c5a82d6
- SHA256
  
  7af935b7cd7ddc1383ca817ba41f0784340459331754fcdfa4348fc2a2fe7813
- SHA512
  
  894663307c2bc59f31ac3fd5ae6934971dd8b7beebbbcb18de5d020ad43309baf8a1012662c33b195dc1bd3bfcaae45a87e5b5ef396cb58d0e56f0956fb781ac
- SSDEEP
  
  3072:BO4ZAi7XnrA+Tj7/tKXYAO+aqjL/xSu90OoiLuDKZXfwKeljR17:BOCA83rA+Tj7lKYMa4xUOmD+XfwLH
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2