General
-
Target
98ffc3c812e6cec919ebd286973e2002_JaffaCakes118
-
Size
445KB
-
Sample
240402-2j7qpafh45
-
MD5
98ffc3c812e6cec919ebd286973e2002
-
SHA1
b0d1a65445a7923870ad23ec4d80f592e808c987
-
SHA256
014d0ece0d472eaea73698d634308303ddb9f227f39d339a66416c3cb744d2c1
-
SHA512
5875f8f2c736cbf501c25635f5c9014e499a7fce01f139315cbf5c0d3c45e1e8568a9fa8ddfe60cb0a44804a7677fdcd411eab4be6177926649b1b691d97a721
-
SSDEEP
6144:hBlL/NDevWMKIPT48zhmgL58KCjuLkTMm6GBX3KTDDC3cz/3aKkm3HC:n6B8KC4kTrV3KlziKkR
Static task
static1
Behavioral task
behavioral1
Sample
98ffc3c812e6cec919ebd286973e2002_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
98ffc3c812e6cec919ebd286973e2002_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nawgsdqut.dll
Resource
win7-20240319-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nawgsdqut.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
xloader
2.5
b2c0
bjyxszd520.xyz
hsvfingerprinting.com
elliotpioneer.com
bf396.com
chinaopedia.com
6233v.com
shopeuphoricapparel.com
loccssol.store
truefictionpictures.com
playstarexch.com
peruviancoffee.store
shobhajoshi.com
philme.net
avito-rules.com
independencehomecenters.com
atp-cayenne.com
invetorsbank.com
sasanos.com
scentfreebnb.com
catfuid.com
sunshinefamilysupport.com
madison-co-atty.net
newhousebr.com
newstodayupdate.com
kamalaanjna.com
itpronto.com
hi-loentertainment.com
sadpartyrentals.com
vertuminy.com
khomayphotocopy.club
roleconstructora.com
cottonhome.online
starsspell.com
bedrijfs-kledingshop.com
aydeyahouse.com
miaintervista.com
taolemix.com
lnagvv.space
bjmobi.com
collabkc.art
onayli.net
ecostainable.com
vi88.info
brightlifeprochoice.com
taoluzhibo.info
techgobble.com
ideemimarlikinsaat.com
andajzx.com
shineshaft.website
arroundworld.com
reyuzed.com
emilfaucets.com
lumberjackguitarloops.com
pearl-interior.com
altitudebc.com
cqjiubai.com
kutahyaescortbayanlarim.xyz
metalworkingadditives.online
unasolucioendesa.com
andrewfjohnston.com
visionmark.net
dxxlewis.com
carts-amazon.com
anadolu.academy
thesewhitevvalls.com
Targets
-
-
Target
98ffc3c812e6cec919ebd286973e2002_JaffaCakes118
-
Size
445KB
-
MD5
98ffc3c812e6cec919ebd286973e2002
-
SHA1
b0d1a65445a7923870ad23ec4d80f592e808c987
-
SHA256
014d0ece0d472eaea73698d634308303ddb9f227f39d339a66416c3cb744d2c1
-
SHA512
5875f8f2c736cbf501c25635f5c9014e499a7fce01f139315cbf5c0d3c45e1e8568a9fa8ddfe60cb0a44804a7677fdcd411eab4be6177926649b1b691d97a721
-
SSDEEP
6144:hBlL/NDevWMKIPT48zhmgL58KCjuLkTMm6GBX3KTDDC3cz/3aKkm3HC:n6B8KC4kTrV3KlziKkR
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/nawgsdqut.dll
-
Size
104KB
-
MD5
d4233fefc9328cc30b0ef014beb2f51b
-
SHA1
302180a5edb1fd653d7884bb60172e6edfbbeac4
-
SHA256
1827a3002964434b0acff1359241948e334148d3413312cfea326cae8f269758
-
SHA512
b3e19c83e631b6a8b8b0d00ab14af811519765b737f1497f27e8c3a8c3328038967dbb6095671e4095af48d6355b5f13cec20c38ef2dfb14cc2ae8e9482de4af
-
SSDEEP
1536:XlGfGAPqPOicsu0WpmS89PdDeSGTzIfTw83qVlIHyaaEil3Wkly9ncobUfs+ulZ6:1GfGAIOqXSKS13nKixlyrquv
Score3/10 -