General
-
Target
9b20c6a0c05584185da23f0892a7a982_JaffaCakes118
-
Size
252KB
-
Sample
240403-apz49aab2x
-
MD5
9b20c6a0c05584185da23f0892a7a982
-
SHA1
dfc1531489c4a803b0125c95b93609989dc3b138
-
SHA256
53fb1511812b33448fb51c4a6a7f4095600f2d30251546466ab1d401191fa59a
-
SHA512
2321b765bc891e89970457a47886dba583d68d588ac163d65c1dc1188fc2cd2935497a0a1413a5f23daa5628ffd17e252b121a0e856332aa5de155b3e56bedae
-
SSDEEP
3072:wBynOpL12riocLMRcjGk4bKcahjDTAZ2rhS1FhySMsQuK89M2NvkskmtjIk9qcCX:wBlL/cRzZ5aVTA2khy3MRks91Xxazt
Static task
static1
Behavioral task
behavioral1
Sample
9b20c6a0c05584185da23f0892a7a982_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9b20c6a0c05584185da23f0892a7a982_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/cwehlkdexhf.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/cwehlkdexhf.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
xloader
2.5
mxnu
insightmyhome.com
gabriellamaxey.com
029atk.xyz
marshconstructions.com
technichoffghosts.com
blue-ivy-boutique-au.com
1sunsetgroup.com
elfkuhnispb.store
caoliudh.club
verifiedpaypal.net
jellyice-tr.com
gatescres.com
bloomberq.online
crystaltopagent.net
uggs-line.com
ecommerceplatform.xyz
historyofcambridge.com
sattaking-gaziabad.xyz
digisor.com
beachpawsmobilegrooming.com
whitebot.xyz
zacky6.online
qlfa8gzk8f.com
scottjasonfowler.com
influxair.com
desongli.com
xn--w7uy63f0ne2sj.com
pinup722bk.com
haohuatour.com
dharmathinkural.com
hanjyu.com
tbrhc.com
clarityflux.com
meltonandcompany.com
revgeek.com
onehigh.club
closetu.com
yama-nkok.com
brandonhistoryandinfo.com
funkidsroomdecor.com
epilasyonmerkeziankara.com
265411.com
watch12.online
dealsbonaza.com
gold2guide.art
tomclark.online
877961.com
washingtonboatrentals.com
promovart.com
megapollice.online
taquerialoteria.com
foxsontreeservice.com
safebookkeeping.com
theeducationwheel.online
sasanos.com
procurovariedades.com
normandia.pro
ingdalynnia.xyz
campusguideconsulting.com
ashramseries.com
clubcupids.art
mortgagerates.solutions
deepscanlabs.com
insulated-box.com
naplesconciergerealty.com
Targets
-
-
Target
9b20c6a0c05584185da23f0892a7a982_JaffaCakes118
-
Size
252KB
-
MD5
9b20c6a0c05584185da23f0892a7a982
-
SHA1
dfc1531489c4a803b0125c95b93609989dc3b138
-
SHA256
53fb1511812b33448fb51c4a6a7f4095600f2d30251546466ab1d401191fa59a
-
SHA512
2321b765bc891e89970457a47886dba583d68d588ac163d65c1dc1188fc2cd2935497a0a1413a5f23daa5628ffd17e252b121a0e856332aa5de155b3e56bedae
-
SSDEEP
3072:wBynOpL12riocLMRcjGk4bKcahjDTAZ2rhS1FhySMsQuK89M2NvkskmtjIk9qcCX:wBlL/cRzZ5aVTA2khy3MRks91Xxazt
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/cwehlkdexhf.dll
-
Size
28KB
-
MD5
201dec4f5cfe9c448804d504da2b9f50
-
SHA1
4a565158eb3ee42694427374e11fc052a0bd3dad
-
SHA256
f70b1ff393e0aaf8c737ec09a41598d9e51fbdde8bb19a7051aecc8d0752c965
-
SHA512
52771f45ca9d51fe84d125fcb741ea9485ffef8620c5bf7c4cf233f66540dc27e48bc1b83d7a16dfd2faaafa66903dd7504620721385ce106addbde15a1bac82
-
SSDEEP
768:B7pNn0kP7w1oJDO7uYZMPHyko/9QPQSV:BHwFcHG1OV
Score3/10 -