598c877c5d2f1701704c027c2f9d4a1954c0c0cdd223244549678039b8757eb9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_065ae4d4d3ebd8d6d6e86a7146309b50
Size

145KB
Sample

250517-2l2bpasmx7
MD5

065ae4d4d3ebd8d6d6e86a7146309b50
SHA1

c9628f3b6b11f9f798cc6f38c9701138c7c443e1
SHA256

598c877c5d2f1701704c027c2f9d4a1954c0c0cdd223244549678039b8757eb9
SHA512

12397db666ec543f1bfce3e83f9fd6f4696c83e5bd3448320b3a5420266ef475d2bbd43dd9142b6b7862636ee6023a07f14b6387d8b3a2dbb207105efd953f7b
SSDEEP

1536:V181ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadsEzf1a5sM9+a9:V18GhDS0o9zTGOZD6EbzCdTT1a5s

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://www.babykamerstore.nl/sites/KNm53A_pCL6

exe.dropper

http://therxreview.com/MUK31q_7UQ3sIR

exe.dropper

http://patrickhouston.com/jV6_760ojdF6_OchIfohV4

exe.dropper

http://greenplastic.com/MQg_ii3OMw

exe.dropper

http://ulukantasarim.com/wp-admin/images/EjaF9S_6xQfPevy

Targets

- Target
  
  JaffaCakes118_065ae4d4d3ebd8d6d6e86a7146309b50
- Size
  
  145KB
- MD5
  
  065ae4d4d3ebd8d6d6e86a7146309b50
- SHA1
  
  c9628f3b6b11f9f798cc6f38c9701138c7c443e1
- SHA256
  
  598c877c5d2f1701704c027c2f9d4a1954c0c0cdd223244549678039b8757eb9
- SHA512
  
  12397db666ec543f1bfce3e83f9fd6f4696c83e5bd3448320b3a5420266ef475d2bbd43dd9142b6b7862636ee6023a07f14b6387d8b3a2dbb207105efd953f7b
- SSDEEP
  
  1536:V181ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadsEzf1a5sM9+a9:V18GhDS0o9zTGOZD6EbzCdTT1a5s
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution