General

  • Target

    ca0f833afca774582ce581f1658688ae_JaffaCakes118

  • Size

    223KB

  • Sample

    240830-cyfs3svamk

  • MD5

    ca0f833afca774582ce581f1658688ae

  • SHA1

    c13a6f5587244c2db5471c80906bcf090676ab37

  • SHA256

    1b6e8f2e829c1470f7327fe8e69660a2a7d5c5474a46e7e3668b93fb611e9ef5

  • SHA512

    305cb92696917cbbe215141fc4ea70083738a4e927c031a3b4d122c8ad561cabd823e2f0cb7862026395d79d577fcaa424064a75c6c83a19dc1b199e99bc1b40

  • SSDEEP

    6144:PTqm+fxY3qgVBCFVV71ttNSYEHl6iqWRM8v3bT:PTG5yqyBCFfSH8ey8v3bT

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://destinostumundo.com/layout/recruter.php

Targets

    • Target

      DocuSign_1300364728_188389488.xls

    • Size

      165KB

    • MD5

      1f66d321bf39d4112e5bd1d7107c42ed

    • SHA1

      fe3993e90a7992577065b2b1dd192c2f9e55338b

    • SHA256

      7d100659f0fcab0567790b00c4c4e354f3d38acc8a2fed82af97daef15fda75c

    • SHA512

      6657ec14d9d2277fa065b33ca564f97ff41c0881af1d6601e50a39f52e3968f28a02f25a4075e0c074ef64cf060ac4f21f0a7bd18b245fd06bf69fee5453537a

    • SSDEEP

      3072:bScKoSsxzNDZLDZjlbR868O8KlVH3jiKq7uDphYHceXVhca+fMHLtyeGxcl8OUMM:OcKoSsxzNDZLDZjlbR868O8KlVH3jiKx

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
