General
-
Target
ed1e2d5de95cf9e326e7c420c90b1450_JaffaCakes118
-
Size
242KB
-
Sample
240920-jff5fsvgjg
-
MD5
ed1e2d5de95cf9e326e7c420c90b1450
-
SHA1
a23430ee595ac63f43433a206b00243797234e8d
-
SHA256
9161c882ef9eef91f92211138e668bc58a1ebd3e65cf75cd34076e0eb64bb892
-
SHA512
3c92bf26bbd617b81ae4a92e941984aa8c50067c395da3e229851c84fb6f582dd821137acd9a9a4d8ada3e1f8aaf46056ec8adaadd5ebe1678811852753167f3
-
SSDEEP
3072:XYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////b:Z0uXnWFchmmcI/o1/K/7
Behavioral task
behavioral1
Sample
ed1e2d5de95cf9e326e7c420c90b1450_JaffaCakes118.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ed1e2d5de95cf9e326e7c420c90b1450_JaffaCakes118.doc
Resource
win10v2004-20240910-en
Malware Config
Extracted
Targets
-
-
Target
ed1e2d5de95cf9e326e7c420c90b1450_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-