General
-
Target
9f1bc3f24aceb127357a1c65c96c27f3_JaffaCakes118
-
Size
36KB
-
Sample
241126-b361dstpgr
-
MD5
9f1bc3f24aceb127357a1c65c96c27f3
-
SHA1
a2d127a08a430de6b75320812e829ac0e0a09a41
-
SHA256
245303a91378f8739407e2b274e91c77313ad43d837bf1448f2d84e61338ecb7
-
SHA512
bd71b4149a24da588acd06a48b42ecd72baf09bea500aab020f11f4a42625a54f6146a0f6fc264f06d79063db98e414ad878009e4032cb416960020d70e17a9a
-
SSDEEP
768:73igmxr5mda3Yt6niOFYSxKtex9QH9D2+HAi2pAhveM05F:7S1xlqa3YgniOFL0kWN2Pi2pAhveNr
Malware Config
Targets
-
-
Target
中国南方电网有限责任公司总部2012年一级物资集中招标35千伏及以上交流项目主要一次设备第四批需求(编号:12-5-4)公开招标项目分标包清单.xls
-
Size
101KB
-
MD5
1123c713785cd680d015e668b3ac3a60
-
SHA1
1684dfb921fd927812128514b71cd3b0602e2e6b
-
SHA256
ca2f3feb4d2a33868b2f56d8ac67635fe06dab621c7fbecc3c397a930137049f
-
SHA512
0ec8a6b7a942f1719daddced0fcbaae88a090278447e18ffe3608b8a1360371139671c7e4262b07729d32e732f069141d7e30cc7144894dfd07f32fe662616c1
-
SSDEEP
1536:1gA7lfG3TnmL4URTvjEb2jcc0lbxOvTgZGbhY7nJdJoOd7cJtXwYaNu:5lfG3TnmK2jcc0lbxOr52AJtXwbE
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious Office macro
Office document equipped with 4.0 macros.
-
Deletes itself
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
-
-
Target
中国南方电网有限责任公司总部2012年一级物资集中招标35千伏及以上交流项目主要材料(非框招范围)第三批需求(编号:12-3-3)专项项目分标包清单.xls
-
Size
8KB
-
MD5
c3b2ec97cbfac33d0f966c8d504f6a81
-
SHA1
96186ea73e4554e674e7cf1f74fa8810fcde7a2a
-
SHA256
b3dd6e6b72ae0cee51e1f25349b8a4e805fcbe468f017724d0b67d0ffae49e80
-
SHA512
931ad2edaaad7e796ab60b9f6b614f34b9d9c484db565dfcb53903f2200d8dac070cfdbe583a43830f24e918eac2aa11fd71c41556d296130e8ac652670586d9
-
SSDEEP
96:/o68k43AgdLSUX2dIEH8R+IiMUNb9ZcNgYYLCPYycrNEcpw8wZ2a79xdyHIq:/o68k43AgdLSUX0MiMR2PLL1f
Score3/10 -