General
-
Target
f513f5051ac29f8c2b83885b4687f696_JaffaCakes118
-
Size
176KB
-
Sample
240925-d3j7qsserr
-
MD5
f513f5051ac29f8c2b83885b4687f696
-
SHA1
8a42b91b4c041b8672fd89355e29db4bb57a2a2e
-
SHA256
b8818fbdeecde51adf7270365592b9812f1e323c4cdbf81f12885c590727d3f2
-
SHA512
afe387f73910e3734ada4fbd45aaabedc9626abf74e49091971d703687875f3bf46e4a9735dfd9413e1adb6db1d8b37ddb270537ffbeb33c78ceced078302322
-
SSDEEP
1536:GkPkfrdi1Ir77zOH98Wj2gpng9+a9LGnut1ExbYCYWOFBfM0jKrQ2gF:grfrzOH98ipgiuiX10+rngF
Behavioral task
behavioral1
Sample
f513f5051ac29f8c2b83885b4687f696_JaffaCakes118.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f513f5051ac29f8c2b83885b4687f696_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-