General
Target: 5197fb0ac1eee3ae19fcf6117ea49e9a_JaffaCakes118
Size: 252KB
Sample: 240331-j7pwnshb85
MD5: 5197fb0ac1eee3ae19fcf6117ea49e9a
SHA1: 465e9c4bc39f867b19f563149247d9fd6236f79b
SHA256: e862c2495e79b33c27fd00a29dda3c22df6796ff8aa7fc6294216a46668f9047
SHA512: 816404415eca72d5ad5afec58c82d9d5d63b6abf0e8210abc03121934df8a8f7122ff38db840b779394e5d7400d9085737173014f59243efb79d93320c0cd1d9
SSDEEP: 6144:wBlL/cFwRcjA3MgYZhZc/vwcpV7Psk9+MctkOCtnW+aq:CeyqeMgY8vwe7J9+MctyW8
Static task: static1
Behavioral task: behavioral1
  Sample: 5197fb0ac1eee3ae19fcf6117ea49e9a_JaffaCakes118.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 5197fb0ac1eee3ae19fcf6117ea49e9a_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/wvjzzimk.dll
  Resource: win7-20240319-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/wvjzzimk.dll
  Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: hr8n
C2 domains (extracted from the configuration; the list mixes real C2 and decoy domains, as is usual for this family):
  xn--z4qv1cr56dk0k.group
  trend-shopping.net
  redherring.agency
  jeetopesekashback.xyz
  myverizonbillpay.com
  enjoy-developpement.com
  reals-markets-34.xyz
  nobadfeelings.com
  libbybruce.space
  noobcakes.com
  silviomicalikush.xyz
  taschenhimmel.guru
  terradr.one
  suvsangebotguenstigdeorg.com
  bercatv.com
  toytraderinc.com
  mintnft.energy
  apnagas.com
  canalsidespeech.com
  oporbagehi.quest
  frutza.com
  acmcnetwork.com
  maoqiufushi.com
  supere-mart.net
  baumer-instruments.com
  swiftremotestudio.com
  mudatstudio.com
  taobao789.xyz
  threensales.com
  balancedprivatepractice.com
  chatelab.network
  goddesslifecbd.com
  matchmakerfiji.com
  everokqroup.com
  wolfgapwines.com
  sairafashions.xyz
  integrityinlending.com
  tigerpay-partners.com
  petanimals2021.com
  paradojascomunicacion.com
  saamcoheir.quest
  ctgroweasy.com
  drfgr1.com
  andrusagency.com
  uperionorthamerica.com
  tkfaha.com
  sadeghzeyni.com
  preadmirer.info
  casaoscarballas.com
  kreworiginal.com
  lipeengineering.com
  metroprocesservers.com
  secure01bchslogin.com
  blackbait6.com
  srivijayalakshmitravels.com
  temperaninails.com
  spotbrush.com
  docsbuilda.com
  thirdize.com
  michaelkors-handbags.biz
  189168app.com
  bossylifestyle.online
  topomappro.com
  cursosphysioedu.online
  pochi-owarai.com
Targets

Target: 5197fb0ac1eee3ae19fcf6117ea49e9a_JaffaCakes118
Size: 252KB
MD5: 5197fb0ac1eee3ae19fcf6117ea49e9a
SHA1: 465e9c4bc39f867b19f563149247d9fd6236f79b
SHA256: e862c2495e79b33c27fd00a29dda3c22df6796ff8aa7fc6294216a46668f9047
SHA512: 816404415eca72d5ad5afec58c82d9d5d63b6abf0e8210abc03121934df8a8f7122ff38db840b779394e5d7400d9085737173014f59243efb79d93320c0cd1d9
SSDEEP: 6144:wBlL/cFwRcjA3MgYZhZc/vwcpV7Psk9+MctkOCtnW+aq:CeyqeMgY8vwe7J9+MctyW8
Signatures:
  Xloader payload
  Loads dropped DLL
  Suspicious use of SetThreadContext

Target: $PLUGINSDIR/wvjzzimk.dll
Size: 30KB
MD5: 1935d59b15993c7cd94536efaeab6262
SHA1: 2074147209d31d3ee234c96c84199e690dc4539d
SHA256: dfe4a2815652d4d3ece8e6f0d2c9cf2a526d2560f779b38fc8dc67182ad7df24
SHA512: bb06a2e81466f1581faa2d39be937315a817ea8c651e9ac4911b496e2dee690de7adbaf5a9ede8fab03ede0934b3b772ec53fe77abc13d00ba474cb2a5915130
SSDEEP: 384:rXW1ZONE0cHjOJwEN1EvzS24ZT7//YriYp2xftSnPJstZP8ZcJZxzXecQlxuwJ+M:rG1eE06OJwi24p7Hw/pg2NZcMcCxuy
Signatures:
  Xloader payload
  Suspicious use of SetThreadContext