General
-
Target
ed5aeb5f022648867981a5335defa023_JaffaCakes118
-
Size
170KB
-
Sample
240920-l28sps1dln
-
MD5
ed5aeb5f022648867981a5335defa023
-
SHA1
6516a578ce0d2232fa3e704c3c107ffdc9de8ea3
-
SHA256
4e02784f17b866165db458c9ae3f13edf8dae02967921cfec16074018e8cd2e7
-
SHA512
78ba88ffeff3b5bd4341d7599e3ac0f74f8156d884f1709c74325f379e1bb87ae723ff63efc097d5df1b67a33c58e12421ba7528666853b190a69408ec841b10
-
SSDEEP
1536:sB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5Z+a90WvrCv3Pt6DwX:s22TWTogk079THcpOu5UZrvw3Pt6DwX
Static task
static1
Behavioral task
behavioral1
Sample
ed5aeb5f022648867981a5335defa023_JaffaCakes118.doc
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ed5aeb5f022648867981a5335defa023_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
ed5aeb5f022648867981a5335defa023_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-