General
-
Target
f9dfb6818883bdd938dc96afef17a715_JaffaCakes118
-
Size
191KB
-
Sample
240927-gz9vrsyfjq
-
MD5
f9dfb6818883bdd938dc96afef17a715
-
SHA1
97e3b47d925f22e0880cb9b18dded3ee831b82f0
-
SHA256
b3e3aa1c634c56cc979189e670b2a4579c4673e47250b10098d56c0a83b54e06
-
SHA512
3a4210e47e9d1373030872d495e72f5c9a7478b2229470243b96c969523d94b35317d0b1af674a9769fbfd9e4678d96f3e22e40c46fab0f243360f46b95a5095
-
SSDEEP
3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjt0zKNf9cfmfE7qdmVJKk/Juvc5a8a8x:i9ufsfgIf0pLOKb2
Malware Config
Extracted
http://reklamdasiniz.com/wp-admin/W/
http://www.paramedicaleducationguidelines.com/wp-admin/7S/
http://bimasoftcbt.maannajahjakarta.com/wp-admin/i3K/
http://casualhome.com/wp-admin/Y/
https://aemine.vn/wp-admin/KMq/
http://aahnaturals.net/wp-includes/A3/
https://sbsec.org/bsadmin-portal/1nf/
Targets
-
-
Target
f9dfb6818883bdd938dc96afef17a715_JaffaCakes118
-
Size
191KB
-
MD5
f9dfb6818883bdd938dc96afef17a715
-
SHA1
97e3b47d925f22e0880cb9b18dded3ee831b82f0
-
SHA256
b3e3aa1c634c56cc979189e670b2a4579c4673e47250b10098d56c0a83b54e06
-
SHA512
3a4210e47e9d1373030872d495e72f5c9a7478b2229470243b96c969523d94b35317d0b1af674a9769fbfd9e4678d96f3e22e40c46fab0f243360f46b95a5095
-
SSDEEP
3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjt0zKNf9cfmfE7qdmVJKk/Juvc5a8a8x:i9ufsfgIf0pLOKb2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-