General
Target
ed3ac3c1698350adde5e38dde5f1975d_JaffaCakes118
Size
171KB
Sample
240920-kmj1csxgje
MD5
ed3ac3c1698350adde5e38dde5f1975d
SHA1
bb2466c3fd9aaa2f604bcace5b70085aa3c4d0a2
SHA256
1e3b648d4c453ce0522af1478833be9b411d31b891f5479bef7805cc9e051cae
SHA512
4848c0ed541f054c31f6323423efca11cece95107198041c816a7411778ece0ea4f6ce8bb4c6102209d1c86a10816abf49daef423a5609a87085baf647d23f48
SSDEEP
3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7FcZaBD:Hs9ufsfgIf0pLhcZKD
Static task
static1
Behavioral task
behavioral1
Sample
ed3ac3c1698350adde5e38dde5f1975d_JaffaCakes118.doc
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
ed3ac3c1698350adde5e38dde5f1975d_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
Target
ed3ac3c1698350adde5e38dde5f1975d_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory