General
Target: dab0ad3f72909efd87ff543bd09112de_JaffaCakes118
Size: 170KB
Sample: 240911-s87bsayepm
MD5: dab0ad3f72909efd87ff543bd09112de
SHA1: bce80b576a3b5b68eb97661e76dc9f581f7d8cef
SHA256: dc7e2135030000c1ea2210105e8eaebc8efd26a873cf4828a4e2d84a0b81805d
SHA512: bbdffa8939d649fdd2679ac3cc3ee475a7fd080f5d7c00c735d8a2924a97d8002443994b5110d6289f9a4c27c4c5dd059967a075307cfde5c0d103162ff50ad9
SSDEEP: 1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35Hp:trfrzOH98ipgklqhi
Behavioral task: behavioral1
Sample: dab0ad3f72909efd87ff543bd09112de_JaffaCakes118.doc
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: dab0ad3f72909efd87ff543bd09112de_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory