General
-
Target
fe2d1caa2d52000efcd19ea1ea31d254_JaffaCakes118
-
Size
78KB
-
Sample
240929-krzavawhlq
-
MD5
fe2d1caa2d52000efcd19ea1ea31d254
-
SHA1
6496aa6a299bc606ee9d058bdf4f0d826a2e4541
-
SHA256
dcf3c03887af46b3160d984a6268ac3fcc6e659895ba4721e952ecaf363cfbdb
-
SHA512
592a3447aa75b48b578b9f6b08524482b16c701f152b2fc2c074e63a9be84f250b380913b172e44af1dffbb0e223b6f17b959ac342b417fcbccadb3272b51f2d
-
SSDEEP
1536:41jeafPXGdythQh/zkq9D4aqFrvlUmz8qtBy0ZrPNp:Wvfc37kq9zqYVqtBRZTNp
Behavioral task
behavioral1
Sample
fe2d1caa2d52000efcd19ea1ea31d254_JaffaCakes118.docm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fe2d1caa2d52000efcd19ea1ea31d254_JaffaCakes118.docm
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
fe2d1caa2d52000efcd19ea1ea31d254_JaffaCakes118
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-