General

  • Target

    e6ab9a446b83f844455158ae671c1977_JaffaCakes118

  • Size

    183KB

  • Sample

    240917-m2qskazaqp

  • MD5

    e6ab9a446b83f844455158ae671c1977

  • SHA1

    8d871c28578b49a13304ee9a3d6490425e30a91e

  • SHA256

    6da70e0246338ef86cc0dd0e60504127ec28ccf40607ae2c3b78d62c6a91ea5c

  • SHA512

    e04084b56726fa10a286ce6fbe9b91f654d72d886c4ad85da5e604e1729ffb2c0ea5b9ac80aad92002949ff03674bb00583b272d0c1142e51846958f023f59b9

  • SSDEEP

    3072:s77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qPVxuXKc29HzPBx4Pr1yL+xLtNX:s77HUUUUUUUUUUUUUUUUUUUT52VWcXKq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    URLs

  • URLs (type: exe.dropper)

    http://alpinaemlak.com/wp-contents/5SZUz/
    http://celebration-studio.com/wp-admin/Z0Gik/
    http://absimpex.com/images/9KOW/
    http://jaspinformatica.com/boxcloud/aX/
    https://inovatips.com/9yorcan/Y1io/

Targets

    • Target

      e6ab9a446b83f844455158ae671c1977_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
