905d2985fc30fedbcc393a5b04430e2295315be12c06621ded50ac159aec6b78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb927e5bbb0d6af39a4dafda04ec6f51_JaffaCakes118
Size

207KB
Sample

240919-sad8cavekl
MD5

eb927e5bbb0d6af39a4dafda04ec6f51
SHA1

b2d6d40beecb9404c146446170f869cfbabb1a9c
SHA256

905d2985fc30fedbcc393a5b04430e2295315be12c06621ded50ac159aec6b78
SHA512

3b15d38edf92f658480e8bf8dcd15fd87e7dc77904963d865d281fc38d42542c0c8995842d753578256020e113e7a4ccea1bc29ccadf428120117a49d1c829d9
SSDEEP

3072:nF2y/GdyPktGDWLS0HZWD5w8K7Nk9VD7IBU4v908leSPmr73Rt8XpBo:nF2k43tGiL3HJk9VD7b4F08Z6FeXpa

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://citationvie.com/wp-includes/F4E7VRR/

exe.dropper

https://tapucreative.com/wp-admin/ds54af/

exe.dropper

http://driventodaypodcast.com/megaphone/wrm/

exe.dropper

http://datrangsuc.com/wp-admin/Szzu2WcG/

exe.dropper

http://nguyenquocltd.com/wp-content/p7dl/

Targets

- Target
  
  eb927e5bbb0d6af39a4dafda04ec6f51_JaffaCakes118
- Size
  
  207KB
- MD5
  
  eb927e5bbb0d6af39a4dafda04ec6f51
- SHA1
  
  b2d6d40beecb9404c146446170f869cfbabb1a9c
- SHA256
  
  905d2985fc30fedbcc393a5b04430e2295315be12c06621ded50ac159aec6b78
- SHA512
  
  3b15d38edf92f658480e8bf8dcd15fd87e7dc77904963d865d281fc38d42542c0c8995842d753578256020e113e7a4ccea1bc29ccadf428120117a49d1c829d9
- SSDEEP
  
  3072:nF2y/GdyPktGDWLS0HZWD5w8K7Nk9VD7IBU4v908leSPmr73Rt8XpBo:nF2k43tGiL3HJk9VD7b4F08Z6FeXpa
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2