General
-
Target
1f747491324af43e7e9432bf1c805c85_JaffaCakes118
-
Size
382KB
-
Sample
240329-mcn8faef7z
-
MD5
1f747491324af43e7e9432bf1c805c85
-
SHA1
30af5d5964916a694e52396711be4b2441250e01
-
SHA256
6623c86614f32885765a529c796fbe3e3b476dc58782a813e622d0d0873eaafb
-
SHA512
56271611779e2c0f18855deb72b3411a09a8e3e688c143a4eac756f9c88669755c07a6180c1a0d1766203d9bca64bc1b8e660470a5c33ff67f96c3cf4a124133
-
SSDEEP
6144:wqO29cPuZhtAfzC9JZb3xT4A8xBGaF0tDCDdhYwQfDqlxlNCtmSrp:wD29s+71JZbBsAKTF5DdhYwQfDqlxXUv
Static task
static1
Behavioral task
behavioral1
Sample
1f747491324af43e7e9432bf1c805c85_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
xloader
2.5
b2c0
bjyxszd520.xyz
hsvfingerprinting.com
elliotpioneer.com
bf396.com
chinaopedia.com
6233v.com
shopeuphoricapparel.com
loccssol.store
truefictionpictures.com
playstarexch.com
peruviancoffee.store
shobhajoshi.com
philme.net
avito-rules.com
independencehomecenters.com
atp-cayenne.com
invetorsbank.com
sasanos.com
scentfreebnb.com
catfuid.com
sunshinefamilysupport.com
madison-co-atty.net
newhousebr.com
newstodayupdate.com
kamalaanjna.com
itpronto.com
hi-loentertainment.com
sadpartyrentals.com
vertuminy.com
khomayphotocopy.club
roleconstructora.com
cottonhome.online
starsspell.com
bedrijfs-kledingshop.com
aydeyahouse.com
miaintervista.com
taolemix.com
lnagvv.space
bjmobi.com
collabkc.art
onayli.net
ecostainable.com
vi88.info
brightlifeprochoice.com
taoluzhibo.info
techgobble.com
ideemimarlikinsaat.com
andajzx.com
shineshaft.website
arroundworld.com
reyuzed.com
emilfaucets.com
lumberjackguitarloops.com
pearl-interior.com
altitudebc.com
cqjiubai.com
kutahyaescortbayanlarim.xyz
metalworkingadditives.online
unasolucioendesa.com
andrewfjohnston.com
visionmark.net
dxxlewis.com
carts-amazon.com
anadolu.academy
thesewhitevvalls.com
Targets
-
-
Target
1f747491324af43e7e9432bf1c805c85_JaffaCakes118
-
Size
382KB
-
MD5
1f747491324af43e7e9432bf1c805c85
-
SHA1
30af5d5964916a694e52396711be4b2441250e01
-
SHA256
6623c86614f32885765a529c796fbe3e3b476dc58782a813e622d0d0873eaafb
-
SHA512
56271611779e2c0f18855deb72b3411a09a8e3e688c143a4eac756f9c88669755c07a6180c1a0d1766203d9bca64bc1b8e660470a5c33ff67f96c3cf4a124133
-
SSDEEP
6144:wqO29cPuZhtAfzC9JZb3xT4A8xBGaF0tDCDdhYwQfDqlxlNCtmSrp:wD29s+71JZbBsAKTF5DdhYwQfDqlxXUv
-
Xloader payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-