1706fbe760eab15d7b66ce7af36c484b20553554010b0e99ea9aee7d291d6a8e

General

Target

d2e69d8be678035ca493970d50bb5fcb_JaffaCakes118
Size

181KB
Sample

240907-1l62hazapf
MD5

d2e69d8be678035ca493970d50bb5fcb
SHA1

b3fc77d5086f16330b011aab7da4190300166234
SHA256

1706fbe760eab15d7b66ce7af36c484b20553554010b0e99ea9aee7d291d6a8e
SHA512

28e89b87d02921e6548e046445acc114d7000e55e798b392b9285c71f9f838778a24b42530a67944c237464b8858ba084108ca51a51507b3501028e32f12feb0
SSDEEP

3072:x5S2/q0aVVo6aA7uDgZylYYkKPlmp1AEkkPJ:xM2C0aVNa6uEytkCE

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://re-oz.ru/Rhsri/

exe.dropper

http://www.utilitybillingsoftwares.com/Yr13ok/

exe.dropper

http://t-p-e.net/M8uZOL/

exe.dropper

http://cathroughmylens.com/XztRX8o/

Targets

- Target
  
  d2e69d8be678035ca493970d50bb5fcb_JaffaCakes118
- Size
  
  181KB
- MD5
  
  d2e69d8be678035ca493970d50bb5fcb
- SHA1
  
  b3fc77d5086f16330b011aab7da4190300166234
- SHA256
  
  1706fbe760eab15d7b66ce7af36c484b20553554010b0e99ea9aee7d291d6a8e
- SHA512
  
  28e89b87d02921e6548e046445acc114d7000e55e798b392b9285c71f9f838778a24b42530a67944c237464b8858ba084108ca51a51507b3501028e32f12feb0
- SSDEEP
  
  3072:x5S2/q0aVVo6aA7uDgZylYYkKPlmp1AEkkPJ:xM2C0aVNa6uEytkCE
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2