General
-
Target
eab8d4a03bcffc09dea466bfac61c50e_JaffaCakes118
-
Size
162KB
-
Sample
240919-gr329avaql
-
MD5
eab8d4a03bcffc09dea466bfac61c50e
-
SHA1
456754fe9e6cbf4bb13323eeef99a9ff08857344
-
SHA256
802dd5e1e8ba9e22bf5e0844fb0c98b2f822c8411f9de09a6fe8ef31176d7899
-
SHA512
f5765ff470c76e5795bbcb3e8cca3b71b76f1ddae8139a4d29658f6cd4bbc1c03290ef0ef8f7fa3f93ba15edf9699b690aa0bdbe5fd216ef5b3ceeca687ee151
-
SSDEEP
1536:Brdi1Ir77zOH98Wj2gpngR+a9nGPrPkNFLCAAh:BrfrzOH98ipgrGPgN5BAh
Behavioral task
behavioral1
Sample
eab8d4a03bcffc09dea466bfac61c50e_JaffaCakes118.doc
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
eab8d4a03bcffc09dea466bfac61c50e_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
eab8d4a03bcffc09dea466bfac61c50e_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-