General
- Target: 41bc8c583d9904897e2b504f127ced23_JaffaCakes118
- Size: 256KB
- Sample: 240330-xaftdscf46
- MD5: 41bc8c583d9904897e2b504f127ced23
- SHA1: 5317d2490adbde0baa35fed87dff5b29f941cd02
- SHA256: 26a7d60148b01f0b2c57abaac977514cbc0d31606ae151f200f0b9c04fdf0ad3
- SHA512: a7ee54199867be352be5058b1ea187ac5f0bd0d83447f425159d5bea5f094ae30e53a6c9e42376a5d444387eed5b22e3e0b1176351e4fe3dacb78bbbb3d1e119
- SSDEEP: 6144:F8LxBs0RFwY3VUy7Wvb6XsodOcAjtagLcZChOZYVkKcD:/iFjuEa75LcsOYV0
- Static task: static1
- Behavioral task: behavioral1
  Sample: 41bc8c583d9904897e2b504f127ced23_JaffaCakes118.exe
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: 41bc8c583d9904897e2b504f127ced23_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral3
  Sample: $PLUGINSDIR/pclcfdo.dll
  Resource: win7-20240221-en
- Behavioral task: behavioral4
  Sample: $PLUGINSDIR/pclcfdo.dll
  Resource: win10v2004-20240226-en
Malware Config
- Extracted family: xloader
- Version: 2.5
- Campaign: hr8n
Targets
- Target: 41bc8c583d9904897e2b504f127ced23_JaffaCakes118
  Size: 256KB
  MD5: 41bc8c583d9904897e2b504f127ced23
  SHA1: 5317d2490adbde0baa35fed87dff5b29f941cd02
  SHA256: 26a7d60148b01f0b2c57abaac977514cbc0d31606ae151f200f0b9c04fdf0ad3
  SHA512: a7ee54199867be352be5058b1ea187ac5f0bd0d83447f425159d5bea5f094ae30e53a6c9e42376a5d444387eed5b22e3e0b1176351e4fe3dacb78bbbb3d1e119
  SSDEEP: 6144:F8LxBs0RFwY3VUy7Wvb6XsodOcAjtagLcZChOZYVkKcD:/iFjuEa75LcsOYV0
  Signatures: Xloader payload; Loads dropped DLL; Suspicious use of SetThreadContext
- Target: $PLUGINSDIR/pclcfdo.dll
  Size: 22KB
  MD5: 5083f0592bc9096bcf547e329f4c17e0
  SHA1: 12735d4c3772cc5ae3efb52056262ff37e55f945
  SHA256: 824fda5608b540d3bda797751450c40649565f2bf49afdc81ebfd9faa8995aa2
  SHA512: 6f58a78962ff9bf04c05d61ab95d24cfa183a3e5288cb4365b065ae5c349baebd870987803014dc240449a360a6368ebc48184547719c80f6683cf5f0e9160c9
  SSDEEP: 384:OenMTlcY3sNkzLuFWGu7GdKGd/ZxJGf8wPNq4htK7RvU:OeMT+YcNkzLuFnEsKsG8wVZPK7
  Signatures: Xloader payload; Suspicious use of SetThreadContext