General
Target: ecbaa634a00740e33099fa10b6127d84_JaffaCakes118
Size: 171KB
Sample: 240920-dpb9zawdln
MD5: ecbaa634a00740e33099fa10b6127d84
SHA1: f36075b7009efb2e5f61509aeaedd18d9134beef
SHA256: 5cb9f67f8d803e2b5cbdfa3f2be7bb32a7cde2670256be9d0c998626a49ce7f2
SHA512: b956d93b3739e0d0a3be7c37ab7ee8d0cf47721d70b91b1c48a104969c6d8ade1a50a84067b10fbff7beb13a2ed12f0067905e7fabc8ff66ad0566ca5ca488bd
SSDEEP: 1536:sB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5Z+a9CWvrCv3Pt6DsN:s22TWTogk079THcpOu5UZlvw3Pt6DsN
Static task: static1
Behavioral task: behavioral1
  Sample: ecbaa634a00740e33099fa10b6127d84_JaffaCakes118.doc
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ecbaa634a00740e33099fa10b6127d84_JaffaCakes118.doc
  Resource: win10v2004-20240802-en
Malware Config
Extracted
http://ckinterbiz.com/backup/waI0rNy/
http://creationskateboards.com/shred/xnYp2/
http://bnmintl.com/cgi-bin/hQuB2/
http://buildingrobots.net/cgi-bin/LKgv/
http://booksearch.com/index_files/U/
http://davehale.ca/cgi-bin/v4kax/
https://www.equiposjj.com/cgi-bin/h0MId/
Targets
Target: ecbaa634a00740e33099fa10b6127d84_JaffaCakes118
Size: 171KB
MD5: ecbaa634a00740e33099fa10b6127d84
SHA1: f36075b7009efb2e5f61509aeaedd18d9134beef
SHA256: 5cb9f67f8d803e2b5cbdfa3f2be7bb32a7cde2670256be9d0c998626a49ce7f2
SHA512: b956d93b3739e0d0a3be7c37ab7ee8d0cf47721d70b91b1c48a104969c6d8ade1a50a84067b10fbff7beb13a2ed12f0067905e7fabc8ff66ad0566ca5ca488bd
SSDEEP: 1536:sB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5Z+a9CWvrCv3Pt6DsN:s22TWTogk079THcpOu5UZlvw3Pt6DsN
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory