General
Target: ed4039f3fd3713962719074e1c95723d_JaffaCakes118
Size: 213KB
Sample: 240920-kv6t4aybmf
MD5: ed4039f3fd3713962719074e1c95723d
SHA1: 112b981e328176f698161aba4c50a042b61516ce
SHA256: 82db633a79ef7fe836d666e7da62a23e424e40387e257c949fdad5990b6d9e04
SHA512: a5094ec843488670c6b746f880622d43904b582411faef2b42c4df33512b480877bb759a7a31e6ab694b4a0a1bc25141e1d72f16e9f6459c138d7f2a87a62dea
SSDEEP: 3072:u22TWTogk079THcpOu5UZw0/6tJR6RDfo:u/TX07hHcJQwtT6RTo
Behavioral task: behavioral1
Sample: ed4039f3fd3713962719074e1c95723d_JaffaCakes118.doc
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ed4039f3fd3713962719074e1c95723d_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: ed4039f3fd3713962719074e1c95723d_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory