General
-
Target
edf992d0c533d92c2c417f0f0cb84fd9_JaffaCakes118
-
Size
142KB
-
Sample
240920-tsrf3awcnn
-
MD5
edf992d0c533d92c2c417f0f0cb84fd9
-
SHA1
15539a9a420e3922e87c95f6deb278a06207a84b
-
SHA256
a0e4f7699cdffaa2298576e4b84ed93dead9e27d85dba0508ea11b7d772697ac
-
SHA512
9764de9a7c8d864bfcbda30410984a82a19eff29062ff4c2f84bfa1a84f881541538a1abba827a992e84fddf6d5510a2167dd9f3b254e8baceeac2861ab457c6
-
SSDEEP
3072:GcPiTQAVW/89BQnmlcGvgZ6Gr3J8YUOMRt/BI/s/C/i/R/7/3/UQ/OhP/2/a/1/9:GcPiTQAVW/89BQnmlcGvgZ7r3J8YUOM0
Behavioral task
behavioral1
Sample
edf992d0c533d92c2c417f0f0cb84fd9_JaffaCakes118.xls
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
edf992d0c533d92c2c417f0f0cb84fd9_JaffaCakes118.xls
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
edf992d0c533d92c2c417f0f0cb84fd9_JaffaCakes118
-
Size
142KB
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-