General
Target: edb75a3c81b7b730bafa51164447f67d_JaffaCakes118
Size: 152KB
Sample: 240920-q192layhqc
MD5: edb75a3c81b7b730bafa51164447f67d
SHA1: d394994640ac3f37f7dbe1150c4cb91d97c85660
SHA256: 9530d202be6692b15721f936a6cd20a7319a5dc92e97e12b532ceb3d74641753
SHA512: deb876f53633dbf6b2ec6def10d3ac5a6fa30b331ab0e3955d240fdc0ec3897f4f894bbad25bb8b444ae84534ec93db01f56ab37016a48afb3d777d5c1e6263c
SSDEEP: 1536:hAkT3yRFGEv0QtKPaOtMPAquK1gLadmpsHkkyeY+tB445TEgrO3jSWAg83tle1Zy:022TWTogk079THcpOu5UZ+7EuV

Static task: static1

Behavioral task: behavioral1
Sample: edb75a3c81b7b730bafa51164447f67d_JaffaCakes118.doc
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: edb75a3c81b7b730bafa51164447f67d_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: edb75a3c81b7b730bafa51164447f67d_JaffaCakes118
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory