General
-
Target
98d2d5ac3bd493d77f0a7300a43d045b_JaffaCakes118
-
Size
450KB
-
Sample
240402-2d36baff76
-
MD5
98d2d5ac3bd493d77f0a7300a43d045b
-
SHA1
7fdd3b9b76f2c40df10def7ec3aa25c4fb192ec7
-
SHA256
1bbc8a34b7590c1593c5a79a8d0f93b17a162f44893c37aa11e4cb9e0e2d96bf
-
SHA512
32b7aa0518d6b41864d0f6f90d397cd377244b8f6af07178252aeb5b7ecf57e347c2aa2a3a4d94327d799bfcf8fe87b5c8164b0102c64258fd55a4c024ad0ef3
-
SSDEEP
12288:g4fXqKkoo4mdIaFOyzsfUvCqqTb+3e3DcGv2:9PbkoodWaEXU6P/2
Static task
static1
Behavioral task
behavioral1
Sample
98d2d5ac3bd493d77f0a7300a43d045b_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
98d2d5ac3bd493d77f0a7300a43d045b_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/gyalquzbu.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/gyalquzbu.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
xloader
2.5
b2c0
bjyxszd520.xyz
hsvfingerprinting.com
elliotpioneer.com
bf396.com
chinaopedia.com
6233v.com
shopeuphoricapparel.com
loccssol.store
truefictionpictures.com
playstarexch.com
peruviancoffee.store
shobhajoshi.com
philme.net
avito-rules.com
independencehomecenters.com
atp-cayenne.com
invetorsbank.com
sasanos.com
scentfreebnb.com
catfuid.com
sunshinefamilysupport.com
madison-co-atty.net
newhousebr.com
newstodayupdate.com
kamalaanjna.com
itpronto.com
hi-loentertainment.com
sadpartyrentals.com
vertuminy.com
khomayphotocopy.club
roleconstructora.com
cottonhome.online
starsspell.com
bedrijfs-kledingshop.com
aydeyahouse.com
miaintervista.com
taolemix.com
lnagvv.space
bjmobi.com
collabkc.art
onayli.net
ecostainable.com
vi88.info
brightlifeprochoice.com
taoluzhibo.info
techgobble.com
ideemimarlikinsaat.com
andajzx.com
shineshaft.website
arroundworld.com
reyuzed.com
emilfaucets.com
lumberjackguitarloops.com
pearl-interior.com
altitudebc.com
cqjiubai.com
kutahyaescortbayanlarim.xyz
metalworkingadditives.online
unasolucioendesa.com
andrewfjohnston.com
visionmark.net
dxxlewis.com
carts-amazon.com
anadolu.academy
thesewhitevvalls.com
Targets
-
-
Target
98d2d5ac3bd493d77f0a7300a43d045b_JaffaCakes118
-
Size
450KB
-
MD5
98d2d5ac3bd493d77f0a7300a43d045b
-
SHA1
7fdd3b9b76f2c40df10def7ec3aa25c4fb192ec7
-
SHA256
1bbc8a34b7590c1593c5a79a8d0f93b17a162f44893c37aa11e4cb9e0e2d96bf
-
SHA512
32b7aa0518d6b41864d0f6f90d397cd377244b8f6af07178252aeb5b7ecf57e347c2aa2a3a4d94327d799bfcf8fe87b5c8164b0102c64258fd55a4c024ad0ef3
-
SSDEEP
12288:g4fXqKkoo4mdIaFOyzsfUvCqqTb+3e3DcGv2:9PbkoodWaEXU6P/2
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/gyalquzbu.dll
-
Size
33KB
-
MD5
a8caa6d267951ad22e835233b5e50c46
-
SHA1
45c722c5958d99727a95d30eaa3032203d1f4ab2
-
SHA256
db7b70b0734285b8d9a1f3617e55603b0cb649d9bf0b7fbf8988c44e684f4e76
-
SHA512
9ee74bf576554210f8923dda8aa28f6dc7f3c5aa52da7b48a94beaf56cb4e27f1c3d0387cc9116e467631bc13c0e743341129bffa84b9db16ace1248a53b4cd7
-
SSDEEP
384:8o2En0QXbRRe9fsWZAmSlmMNAC8Qqgqdq9RHvHZXktPaa+LiJtLydc8f1eWU9Rkj:L2zf9HPaa+2tLKJcMaTxOMFs0o
Score3/10 -