General
Target: 31ce7d8522a4ee3ba72ed934e7ffd70b_JaffaCakes118
Size: 247KB
Sample: 240330-de5hrsgc98
MD5: 31ce7d8522a4ee3ba72ed934e7ffd70b
SHA1: 47f2c35db86890a4b155562fa0622f10518f3df3
SHA256: c04a6522c272316586333bdd0e1c78427b3dd04976d77e45d937fe763bea101f
SHA512: 0f41f41d4fa9deaedd8c853ebbb8689e212f279502224031833a3ae4bb07160e19ff6d031e59feaf4945851e7b2ec03132c9b7b9136c89ffc1a58e2c974def3f
SSDEEP: 6144:wBlL/cImhOSmCgu1lf7zDQ5kwNJ7wdsVZrXe9ajPjIRNz+U5OO:CeIcQA5UbrXeYsRcU5x
Static task: static1
Behavioral task behavioral1: 31ce7d8522a4ee3ba72ed934e7ffd70b_JaffaCakes118.exe (resource: win7-20240215-en)
Behavioral task behavioral2: 31ce7d8522a4ee3ba72ed934e7ffd70b_JaffaCakes118.exe (resource: win10v2004-20231215-en)
Behavioral task behavioral3: $PLUGINSDIR/olzh.dll (resource: win7-20240221-en)
Behavioral task behavioral4: $PLUGINSDIR/olzh.dll (resource: win10v2004-20240226-en)
Malware Config
Extracted: xloader 2.5 hr8n
Targets
Target: 31ce7d8522a4ee3ba72ed934e7ffd70b_JaffaCakes118 (247KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Xloader payload
- Loads dropped DLL
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/olzh.dll
Size: 23KB
MD5: 6df7a450da261bff1444fb7d6f1e2be7
SHA1: 839f6b3792c54ee28cd934211cadda883b47bb5d
SHA256: 9210ecc0b38f24856aa926ebac3427e1c63b9720a3241421b42e459cbdedd0d8
SHA512: 65a0ef4b32a71d97bdff2d155ee02b965445dc0db6656d6247ce09d2c13fcffb7d9ac535bf3341642f4b25aa5b1d204bba63141870f894b9631a3e537aab7c7c
SSDEEP: 384:BSZAHFEMvQaN2qzUhVCnJLyeVzFA1Iiv2LDg9u+ncBU5iQ1:BCAllgqzOCjVLe+g9vnSUwQ
Score: 3/10