General
  Target: 40efdd8d2045850561ca484d01633793_JaffaCakes118
  Size: 253KB
  Sample: 240330-wgdf6sbg47
  MD5: 40efdd8d2045850561ca484d01633793
  SHA1: 26a7d116c944c709369a95a4d86eaf8813860adb
  SHA256: b503be7988f66c2820e5f9a13b6e53ba9b8d14011069c6c809065cf08463e22b
  SHA512: bece401b795fe8ec37b7dd81f55daaafce77d8096c23d9f31109eec74701ea8720aba252f17151fbcd27620758b77aac467d2e420a8cd215cb6a525362811e79
  SSDEEP: 6144:wBlL/ciApcHmBWwKdo9STFbpzcUQ4iqmTRButukkAtwKvbwv5a:CeiDEWjV5baUNiqyRstio
Static task
  static1

Behavioral task: behavioral1
  Sample: 40efdd8d2045850561ca484d01633793_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 40efdd8d2045850561ca484d01633793_JaffaCakes118.exe
  Resource: win10v2004-20240226-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/hsrxk.dll
  Resource: win7-20231129-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/hsrxk.dll
  Resource: win10v2004-20240226-en
Malware Config
  Extracted
  Family: xloader
  Version: 2.5
  Campaign: dgt9
Targets

Target: 40efdd8d2045850561ca484d01633793_JaffaCakes118
  Size: 253KB
  MD5: 40efdd8d2045850561ca484d01633793
  SHA1: 26a7d116c944c709369a95a4d86eaf8813860adb
  SHA256: b503be7988f66c2820e5f9a13b6e53ba9b8d14011069c6c809065cf08463e22b
  SHA512: bece401b795fe8ec37b7dd81f55daaafce77d8096c23d9f31109eec74701ea8720aba252f17151fbcd27620758b77aac467d2e420a8cd215cb6a525362811e79
  SSDEEP: 6144:wBlL/ciApcHmBWwKdo9STFbpzcUQ4iqmTRButukkAtwKvbwv5a:CeiDEWjV5baUNiqyRstio
  Signatures:
  - Xloader payload
  - Loads dropped DLL
  - Suspicious use of SetThreadContext

Target: $PLUGINSDIR/hsrxk.dll
  Size: 42KB
  MD5: 68700ac207deffb6fc0b884f939b483a
  SHA1: 0661e7515f431bdcd3395446c39c404c50380098
  SHA256: 6e0a0802525044ec0502d3382e80da3a49a98cc5f42197d9313fca6b695f3f92
  SHA512: 1d6d0777a896d8f3127a2f2e6953ed715d7bcd68d7148d483716cc3c9de5ae0b8fe05084b9a1f0d7997ea02f985b4f8ee3c3a1da9993a383b08cfb4e004de3b4
  SSDEEP: 768:iYIfeZ2i7NnQ4761GU5W7wm4mPYAyETr2qlARc+GKG:iYImZT7V0Gx/f2qlARk
  Signatures:
  - Xloader payload
  - Suspicious use of SetThreadContext