General
-
Target
JaffaCakes118_075749aed863f4b88eed2e3d927b1c6c
-
Size
173KB
-
Sample
250520-zhkhnazqx2
-
MD5
075749aed863f4b88eed2e3d927b1c6c
-
SHA1
00626c47052d5af0344af6e23a097c99b7f00c7f
-
SHA256
1da786f3dda2528e89f62d6d75304c3d17d615ae7e2bc188700c2cd1a3a7c21c
-
SHA512
8d81ca0f3906d0ecb1c191a00d6c5cdfb5b7ae697cfe5369c7b6e5a6995943039bbc3dcbb234bd492bf09de043ceecc2eb4cb1c6a10e77a0bac61ea4a095605e
-
SSDEEP
3072:YwT4OUNzBgQEPcnc2kTdcrrXyQBsc0vWJVi4IrwVXYbdYPeFmfG5/+vGsPt4kohN:YwT4OUNzBgQEPcnc2tPIINe
Malware Config
Extracted
http://coworkingplus.es/wp-admin/FxmME/
http://silkonbusiness.matrixinfotechsolution.com/js/q26/
https://bbjugueteria.com/s6kscx/Z/
https://www.bimception.com/wp-admin/sHy5t/
http://armakonarms.com/wp-includes/fz/
http://alugrama.com.mx/t/2/
http://homecass.com/wp-content/iF/
Targets
-
-
Target
JaffaCakes118_075749aed863f4b88eed2e3d927b1c6c
-
Size
173KB
-
MD5
075749aed863f4b88eed2e3d927b1c6c
-
SHA1
00626c47052d5af0344af6e23a097c99b7f00c7f
-
SHA256
1da786f3dda2528e89f62d6d75304c3d17d615ae7e2bc188700c2cd1a3a7c21c
-
SHA512
8d81ca0f3906d0ecb1c191a00d6c5cdfb5b7ae697cfe5369c7b6e5a6995943039bbc3dcbb234bd492bf09de043ceecc2eb4cb1c6a10e77a0bac61ea4a095605e
-
SSDEEP
3072:YwT4OUNzBgQEPcnc2kTdcrrXyQBsc0vWJVi4IrwVXYbdYPeFmfG5/+vGsPt4kohN:YwT4OUNzBgQEPcnc2tPIINe
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-