General

  • Target

    ffd7ed2ea278afe39daf3b7f6d4819d3_JaffaCakes118

  • Size

    126KB

  • Sample

    240930-dq2k9avenr

  • MD5

    ffd7ed2ea278afe39daf3b7f6d4819d3

  • SHA1

    e7245488c6048d3a4bb0c7a49cacc1f2145330fb

  • SHA256

    04ae3026fc9502f115794757e29bef4a6ad6cf3047fb7b444b0ddbed9504c631

  • SHA512

    59ea97a02a17c1fe21b30dae6ebe206798943f9a8b245686420e33ac2da46f647000a67e2208eb2f63e4f7a32a7c0c76de65312dd7f9895fc74776e31468c726

  • SSDEEP

    3072:A8GhDS0o9zTGOZD6EbzCd3WiWCAWcWvfxa:eoUOZDlbe3WiWCAWcWvfxa

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://levifca.com/y0tYhnWQ
    http://mfpvision.com/yAkPNiSmm6
    http://haganelectronics.rubickdesigns.com/C96xSAAy2q
    http://catairdrones.com/sMQ0n8nNun
    http://radio312.com/mp0NHN4cHX

Targets

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks