General
Target: ed0571d760d427364e36778626a10456_JaffaCakes118
Size: 169KB
Sample: 240920-hav6rashnc
MD5: ed0571d760d427364e36778626a10456
SHA1: 084a9f60cb71b5b36b8a8ffba732aed9e9fc6df3
SHA256: ee6e5cb609d013597e0e25c99a83f154cba198f5979d358fadb0d532eb0c2c26
SHA512: 522f2334ed3215bb11fff70d5a1452bd60ee04b90b61edc5dc49fcc682bac695f078a12dc564045ec947eeb46402a8d7da520d2dfd02ca4c8218746d29cb3bd7
SSDEEP: 1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35Hc:trfrzOH98ipgolq+i
Behavioral task: behavioral1
Sample: ed0571d760d427364e36778626a10456_JaffaCakes118.doc
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ed0571d760d427364e36778626a10456_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: ed0571d760d427364e36778626a10456_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory