General

  • Target

    cd94ec530910994b0b9cbdd63b82a730_JaffaCakes118

  • Size

    36KB

  • Sample

    240831-zpzk6avekp

  • MD5

    cd94ec530910994b0b9cbdd63b82a730

  • SHA1

    01b64a2da4d35b5eda3dc8a8f0cbbbca6b4224e1

  • SHA256

    9ee2b3aec5d0e1b956786a70a41391984e8ee869128af370376da7e622a43c7b

  • SHA512

    c9efb8eb28052c8d73f304ac4f608804e30905ae3b8ae7ffc2deeb63cbad40850c548b0ba529a77170f34028d8bfa78317ff78fbc6733ce4cb9510af460daa70

  • SSDEEP

    768:lVzYYsemuPB7ZvZTZjcBH1S9lGiHt0aYH2PgQSMFMHKjH6gfw2wl:jzP1jZjc3S9l30aY6x6gfpU

Targets

    • Target

      0d50dafb-7146-4143-a35f-945aa0e21500.xls

    • Size

      93KB

    • MD5

      4ff0bd9d0f44e5617267f53170478b6e

    • SHA1

      0acd06457bf26877d37cd1534ff3d75a1d9eb440

    • SHA256

      2aa9dd48517c152179e2ccd597b2dbc7acfc4f4949b678630e254f8d19386e23

    • SHA512

      36a1e52b15d2c17b5a7651fd0cc0c9b70930d6694dbab8ab65713a980da3717c1dd60bf7c49905021d6c3e7868ca912a06273521fc204d5365860fa9fe93d83a

    • SSDEEP

      1536:tpppFSC6rsLj9a/rAppgb0k5Z95nnwKOo/82jcc0lbxOvTgZ/pvPUn4fHAOmcJt+:cF/82jcc0lbxOrkbTJtXwWC

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
