General
-
Target
ececa7f4d7c922fa9707e1d52f42cf92_JaffaCakes118
-
Size
201KB
-
Sample
240920-f5mrra1arc
-
MD5
ececa7f4d7c922fa9707e1d52f42cf92
-
SHA1
743ca04fff27e4f1b92502165d1093c7678d1525
-
SHA256
235c1596d946f273671bd85c3edbd0a70adc0108e4e4c8c4b67c9fbd4665e4a3
-
SHA512
333e148688054dcbba8ef5ccf707144bcaec66a801900c9422828e45e080baa78ea2134466e0a8e40fc23f559ce20dc89ecb9d6c4af2b7273f6ed0beda30e036
-
SSDEEP
3072:dUqJ1NgsA8k/gvh0NZ0lGX1nZ7ZqpSgKsiEHE+b64JE:dBtgVIveNZvn0zKjEkc6cE
Static task
static1
Behavioral task
behavioral1
Sample
ececa7f4d7c922fa9707e1d52f42cf92_JaffaCakes118.doc
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ececa7f4d7c922fa9707e1d52f42cf92_JaffaCakes118.doc
Resource
win10v2004-20240910-en
Malware Config
Extracted
Targets
-
Target
ececa7f4d7c922fa9707e1d52f42cf92_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-