General

  • Target: ed3ac3c1698350adde5e38dde5f1975d_JaffaCakes118
  • Size: 171KB
  • Sample: 240920-kmj1csxgje
  • MD5: ed3ac3c1698350adde5e38dde5f1975d
  • SHA1: bb2466c3fd9aaa2f604bcace5b70085aa3c4d0a2
  • SHA256: 1e3b648d4c453ce0522af1478833be9b411d31b891f5479bef7805cc9e051cae
  • SHA512: 4848c0ed541f054c31f6323423efca11cece95107198041c816a7411778ece0ea4f6ce8bb4c6102209d1c86a10816abf49daef423a5609a87085baf647d23f48
  • SSDEEP: 3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7FcZaBD:Hs9ufsfgIf0pLhcZKD

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs (exe.dropper)

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
