General
Target: 846d3c6c1ce0237c373de8ec0403f0e1_JaffaCakes118
Size: 256KB
Sample: 240402-frjg6shc8z
MD5: 846d3c6c1ce0237c373de8ec0403f0e1
SHA1: 06fd0d16804228e0f4b50393f18d78457055a640
SHA256: 7946718754bb669d3c7a80e355a20047e3e87dbfa9446927ceb6fabab21847d1
SHA512: d630de0d71fc09327fa09d10304168ef8704e6136f78025ce8420d6c6e048a5d91803e096f8d56c46ea42fc5d3f8cbdb02d5206bb556316b5d78391205419ee0
SSDEEP: 6144:F8LxBs4OJ4RU5hy+AoHXCUqalLDsktt54JnzO7eIt:/4acZOXR7xKJzv4
Static task: static1

Behavioral task: behavioral1
Sample: 846d3c6c1ce0237c373de8ec0403f0e1_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 846d3c6c1ce0237c373de8ec0403f0e1_JaffaCakes118.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/envdl.dll
Resource: win7-20240221-en
Malware Config
Extracted
xloader
2.5
nqn4
Targets

Target: 846d3c6c1ce0237c373de8ec0403f0e1_JaffaCakes118
Size: 256KB
MD5: 846d3c6c1ce0237c373de8ec0403f0e1
SHA1: 06fd0d16804228e0f4b50393f18d78457055a640
SHA256: 7946718754bb669d3c7a80e355a20047e3e87dbfa9446927ceb6fabab21847d1
SHA512: d630de0d71fc09327fa09d10304168ef8704e6136f78025ce8420d6c6e048a5d91803e096f8d56c46ea42fc5d3f8cbdb02d5206bb556316b5d78391205419ee0
SSDEEP: 6144:F8LxBs4OJ4RU5hy+AoHXCUqalLDsktt54JnzO7eIt:/4acZOXR7xKJzv4
- Xloader payload
- Loads dropped DLL
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/envdl.dll
Size: 21KB
MD5: 4a7f4f8dddc69b711134773bc01482c5
SHA1: 7c3e00bfff4bcfaf2ccdce971cd247f7be3cdb0f
SHA256: d12d71c87dbbe93303a1402e368e5e8827d512aa54bae78347077ca468abdbc6
SHA512: 19548dd1400535a606c1d6d82f7b9e6c41ecfedbeed269c7e62009f60fff12a96a24c837e8332e31d529b0a81e09e1ac470c1b7b500cc39fccae23cae12b8e2a
SSDEEP: 384:jnM0lcYC8SkzLuFhmRWxENbU1UpqrT5JHrqH+OC:jM0+YfSkzLuFjIwW6nHrd
- Xloader payload
- Suspicious use of SetThreadContext