General

  • Target

    ebea1eca7bfe118cbdbfa26e308733fa_JaffaCakes118

  • Size

    173KB

  • Sample

    240919-wskpmasekf

  • MD5

    ebea1eca7bfe118cbdbfa26e308733fa

  • SHA1

    d16165438718f0f24b55e31e15bccbee4ffbe5ab

  • SHA256

    b38d528441ae53b3ee333f8a7b335e5f9b9093086cd3072c649eb570aeb430da

  • SHA512

    77eeced3e564ddfce967a064821b515d0a10d7aaa4d3f72c0e9f83219dda2f8fbbf1b033e3c5f54cf5a3144884b75c50b96a5ff48181bbc29260abaa8bc551f9

  • SSDEEP

    1536:erdi1Ir77zOH98Wj2gpngR+a97txO8nq78ct2PU7MXKSSxH5pcKaJnW7y2H:erfrzOH98ipg6kBW7/

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs (exe.dropper)

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory
