586952c78bf1cfb12b0660cd22619c2d0605b4f48338a9f0609e55d0359c25b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_071825f123a2ba36d5d39850b50f40fa
Size

160KB
Sample

250519-yn6gmsylt3
MD5

071825f123a2ba36d5d39850b50f40fa
SHA1

be23dddfce935621a486bd7774dc58b00b4c885b
SHA256

586952c78bf1cfb12b0660cd22619c2d0605b4f48338a9f0609e55d0359c25b9
SHA512

337e9b2fab5c44d58defa8b7c3ae296f14b60bd27d3e9fe6af03bdf86fe7e69b81a9058215d379c10b9d6c5e89d51773f1a4cefb0cd4a15e320d7c974f687af0
SSDEEP

3072:/iz5uTdcrrXyQBsc0vWJVi4IrwVsTnoLRU:q1XPII

Score

10^/10

execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://senbiaojita.com/wp-admin/iDlsc/

exe.dropper

http://vassanaservices.com/TEST/V3/

exe.dropper

http://starkmotorracing.com/unhairer/nzFKm/

exe.dropper

http://cometarabian.com/wp-includes/zFY6U/

exe.dropper

https://buyitnowtoday.net/wp-admin/KI0K/

exe.dropper

http://re2me.xyz/opt/Ds/

exe.dropper

http://convictionfitness.webdmcsolutions.com/wp-admin/gUb/

Targets

- Target
  
  JaffaCakes118_071825f123a2ba36d5d39850b50f40fa
- Size
  
  160KB
- MD5
  
  071825f123a2ba36d5d39850b50f40fa
- SHA1
  
  be23dddfce935621a486bd7774dc58b00b4c885b
- SHA256
  
  586952c78bf1cfb12b0660cd22619c2d0605b4f48338a9f0609e55d0359c25b9
- SHA512
  
  337e9b2fab5c44d58defa8b7c3ae296f14b60bd27d3e9fe6af03bdf86fe7e69b81a9058215d379c10b9d6c5e89d51773f1a4cefb0cd4a15e320d7c974f687af0
- SSDEEP
  
  3072:/iz5uTdcrrXyQBsc0vWJVi4IrwVsTnoLRU:q1XPII
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2