40553c3c1a1a2ff36541fff6d148b3d3a89962869b7d29d3dd978f4957bb53d5 | Triage

Sharing

General

Target

d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118
Size

166KB
Sample

240909-fyvh1stcjj
MD5

d5b5cfbb95df232743dbad75d02c5575
SHA1

4cd181c06fe8b720867ca8371e4410d3a4898852
SHA256

40553c3c1a1a2ff36541fff6d148b3d3a89962869b7d29d3dd978f4957bb53d5
SHA512

6cf5a4b94a32af8f2e7f1389a8f6905f30c2380b1f8f67354d0a9b0d09619a9f0b3c7ed4aa3b8536b214fb51260162089d1b7116181718011b535123d9f80d70
SSDEEP

1536:pARD3bNqfNpu39IId5a6XP3Mg8afmqTdotKdz/Rek6Ef3Ei9WEvOk:OR1qf69xak3MgxmFKl/R89i9WAOk

Score

10^/10

discovery

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://odeftg.com/odeftg.com/S/

exe.dropper

http://hbprivileged.com/info/S/

exe.dropper

http://equipamentosmix.com/10/U/

exe.dropper

http://mianusman.com/cgi-bin/Fo/

exe.dropper

https://www.hairlineunisexsalon.com/demo/CyD/

exe.dropper

http://liulibug.com/wp-admin/8Aw/

exe.dropper

https://fcbc.group/wp-includes/O/

Targets

- Target
  
  d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118
- Size
  
  166KB
- MD5
  
  d5b5cfbb95df232743dbad75d02c5575
- SHA1
  
  4cd181c06fe8b720867ca8371e4410d3a4898852
- SHA256
  
  40553c3c1a1a2ff36541fff6d148b3d3a89962869b7d29d3dd978f4957bb53d5
- SHA512
  
  6cf5a4b94a32af8f2e7f1389a8f6905f30c2380b1f8f67354d0a9b0d09619a9f0b3c7ed4aa3b8536b214fb51260162089d1b7116181718011b535123d9f80d70
- SSDEEP
  
  1536:pARD3bNqfNpu39IId5a6XP3Mg8afmqTdotKdz/Rek6Ef3Ei9WEvOk:OR1qf69xak3MgxmFKl/R89i9WAOk
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2