General
-
Target
94dfabcfd1c2a9197ff2938cd52bad46_JaffaCakes118
-
Size
249KB
-
Sample
240402-xy9rdaah72
-
MD5
94dfabcfd1c2a9197ff2938cd52bad46
-
SHA1
8c7f75c3cf3d6a0c5bee876ee8b98045a186e154
-
SHA256
098a32bfcd332f71fdb65cf704994c70cf6390110340c809ae2cc66bddfbde04
-
SHA512
758bdc6b9f1dfb40c6b88ebac9a8fe7a09102172ae021af526f860e863a01f75e21cd4b332ae11a09b54cf67db900bbdd2bf9d5eeec7a9e6dab6798f6866c104
-
SSDEEP
6144:wBlL/cZ9WISEFheSGP7nKlE1Iwc/9NuGRrsfcq+:Ce7PSOw/jwE1IwO3uat1
Static task
static1
Behavioral task
behavioral1
Sample
94dfabcfd1c2a9197ff2938cd52bad46_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
94dfabcfd1c2a9197ff2938cd52bad46_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/kwhtcvb.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/kwhtcvb.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
xloader
2.5
mxnu
insightmyhome.com
gabriellamaxey.com
029atk.xyz
marshconstructions.com
technichoffghosts.com
blue-ivy-boutique-au.com
1sunsetgroup.com
elfkuhnispb.store
caoliudh.club
verifiedpaypal.net
jellyice-tr.com
gatescres.com
bloomberq.online
crystaltopagent.net
uggs-line.com
ecommerceplatform.xyz
historyofcambridge.com
sattaking-gaziabad.xyz
digisor.com
beachpawsmobilegrooming.com
whitebot.xyz
zacky6.online
qlfa8gzk8f.com
scottjasonfowler.com
influxair.com
desongli.com
xn--w7uy63f0ne2sj.com
pinup722bk.com
haohuatour.com
dharmathinkural.com
hanjyu.com
tbrhc.com
clarityflux.com
meltonandcompany.com
revgeek.com
onehigh.club
closetu.com
yama-nkok.com
brandonhistoryandinfo.com
funkidsroomdecor.com
epilasyonmerkeziankara.com
265411.com
watch12.online
dealsbonaza.com
gold2guide.art
tomclark.online
877961.com
washingtonboatrentals.com
promovart.com
megapollice.online
taquerialoteria.com
foxsontreeservice.com
safebookkeeping.com
theeducationwheel.online
sasanos.com
procurovariedades.com
normandia.pro
ingdalynnia.xyz
campusguideconsulting.com
ashramseries.com
clubcupids.art
mortgagerates.solutions
deepscanlabs.com
insulated-box.com
naplesconciergerealty.com
Targets
-
-
Target
94dfabcfd1c2a9197ff2938cd52bad46_JaffaCakes118
-
Size
249KB
-
MD5
94dfabcfd1c2a9197ff2938cd52bad46
-
SHA1
8c7f75c3cf3d6a0c5bee876ee8b98045a186e154
-
SHA256
098a32bfcd332f71fdb65cf704994c70cf6390110340c809ae2cc66bddfbde04
-
SHA512
758bdc6b9f1dfb40c6b88ebac9a8fe7a09102172ae021af526f860e863a01f75e21cd4b332ae11a09b54cf67db900bbdd2bf9d5eeec7a9e6dab6798f6866c104
-
SSDEEP
6144:wBlL/cZ9WISEFheSGP7nKlE1Iwc/9NuGRrsfcq+:Ce7PSOw/jwE1IwO3uat1
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/kwhtcvb.dll
-
Size
24KB
-
MD5
c47052adbbfd727643e1f813bbee9d0a
-
SHA1
393318978321ed22187c5c81482399f253ffe1e2
-
SHA256
48f8ef93b698568f608e762cacef1b29a80bcf54bde9534a1de426242e86209a
-
SHA512
1dca295a1a76cf34e7b5e6463c3479ac42b1ec54486eba416c76248ef0a3ce63c1e4149eb9bc86a400c441210881c389957b0ffc04f6ba2880dde9daa5bada3c
-
SSDEEP
384:Rrecw0IDT07tzQ7+Lw3tJnZ2qQLjA4t9WMAZc6WnJ520mNT3s+0XMug:DwN07hrw3DnNsaMAZE2jT8+eM
Score3/10 -