General

Target: 9c990c091e85d7c7530e8b3c3e1631f9_JaffaCakes118
Size: 480KB
Sample: 240403-b2xqbscb2y
MD5: 9c990c091e85d7c7530e8b3c3e1631f9
SHA1: 9db0555370cc85e5bd4194e267d84768910d8ac5
SHA256: 784425a3324d90d5d4028f545c946ac1b39eacd8875f6f182417e9e8621a5e0a
SHA512: f077753d9e7dc4a6d12f93131a0849f0855ff0b1a1c2534ce401b4e3ce8e1a8df66f3bbc0c1829199b614193e36ba5e8b8ed4f17bba2f2177278c353eb1d61ca
SSDEEP: 12288:2XZ8E2OZXGBaepXdDcUu5GPxR4jqH8OQlTD:2ZDVEaepXdTBPHQ
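The hash block above is the part of a sandbox report that gets copied into blocklists and hunt queries, and a damaged digest matches nothing silently. The following Python is an added example (not part of the report or of the sandbox's own tooling) that validates the four digests by length and alphabet, and parses the SSDEEP value into its block size and two signatures so you can tell which catalogue hashes ssdeep could even score against it. The hash values are copied from the report; the catalogue hashes in the usage section are constructed, and the comparison rules are a simplification of real ssdeep (it also strips long runs of repeated characters and, at equal block sizes, scores the second signature pair too).

```python
import re

# Digests as listed in the report above for this sample (copied, not constructed).
REPORT_HASHES = {
    "MD5": "9c990c091e85d7c7530e8b3c3e1631f9",
    "SHA1": "9db0555370cc85e5bd4194e267d84768910d8ac5",
    "SHA256": "784425a3324d90d5d4028f545c946ac1b39eacd8875f6f182417e9e8621a5e0a",
    "SHA512": "f077753d9e7dc4a6d12f93131a0849f0855ff0b1a1c2534ce401b4e3ce8e1a8d"
              "f66f3bbc0c1829199b614193e36ba5e8b8ed4f17bba2f2177278c353eb1d61ca",
}
REPORT_SSDEEP = "12288:2XZ8E2OZXGBaepXdDcUu5GPxR4jqH8OQlTD:2ZDVEaepXdTBPHQ"

# Digest lengths in hex characters.
HEX_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"[0-9a-f]+")


def malformed_hashes(hashes):
    """Return the names of digests whose value has the wrong length or is not lowercase hex."""
    bad = []
    for name, value in hashes.items():
        expected = HEX_LENGTHS.get(name)
        if expected is None or len(value) != expected or not HEX_RE.fullmatch(value):
            bad.append(name)
    return bad


def parse_ssdeep(h):
    """Split an ssdeep hash into (block_size, sig1, sig2).

    sig1 is the signature computed at block_size, sig2 the one at 2*block_size;
    ssdeep block sizes are always 3 * 2**n.
    """
    parts = h.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"not an ssdeep hash: {h!r}")
    bs = int(parts[0])
    if bs < 3 or bs % 3 or (bs // 3) & (bs // 3 - 1):
        raise ValueError(f"ssdeep block size must be 3*2^n, got {bs}")
    return bs, parts[1], parts[2]


def signatures_to_compare(a, b):
    """Return the (sig_a, sig_b) pair ssdeep would score, or None if the hashes are incomparable.

    ssdeep only compares hashes whose block sizes are equal or differ by exactly a factor
    of two; with different sizes, the smaller hash's sig2 (computed at twice its block
    size) is lined up against the larger hash's sig1. Simplification: at equal sizes real
    ssdeep also scores the sig2 pair and keeps the higher result.
    """
    bs_a, s1_a, s2_a = parse_ssdeep(a)
    bs_b, s1_b, s2_b = parse_ssdeep(b)
    if bs_a == bs_b:
        return s1_a, s1_b
    if bs_a * 2 == bs_b:
        return s2_a, s1_b
    if bs_b * 2 == bs_a:
        return s1_a, s2_b
    return None


def share_common_substring(x, y, n=7):
    """ssdeep reports 0 unless both signatures share a run of at least 7 characters.

    This is the cheap pre-filter that discards most candidate pairs before any
    edit-distance work is done.
    """
    if len(x) < n or len(y) < n:
        return False
    grams = {x[i:i + n] for i in range(len(x) - n + 1)}
    return any(y[j:j + n] in grams for j in range(len(y) - n + 1))


def ssdeep_candidates(query, catalogue):
    """Return the catalogue hashes worth handing to a real ssdeep compare against `query`."""
    out = []
    for h in catalogue:
        pair = signatures_to_compare(query, h)
        if pair and share_common_substring(*pair):
            out.append(h)
    return out


if __name__ == "__main__":
    print("malformed:", malformed_hashes(REPORT_HASHES))
    print("ssdeep parts:", parse_ssdeep(REPORT_SSDEEP))
    # Constructed catalogue entries, not hashes of real files.
    catalogue = ["3072:x:y", "12288:ZZaepXdDcUuZZ:x", "12288:zzzzzzzzzz:x"]
    print("candidates:", ssdeep_candidates(REPORT_SSDEEP, catalogue))
```

The pre-filter is what makes fuzzy-hash hunting over a large corpus affordable: block-size bucketing plus the 7-gram check drop almost every pair before the quadratic comparison runs.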
Static task: static1
Behavioral task: behavioral1
Sample: 9c990c091e85d7c7530e8b3c3e1631f9_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign: bkqi
Domains (65):
woodbridgelearninglab.com
kalexandynle.xyz
hallibrewerproductions.com
cuevasconencanto.com
starfishexuma.com
douwuba.com
dexandrue.com
aprendes.academy
enderisler.com
alstartnpasumo6.xyz
3dysp.com
myhousesfit.com
thousandoaks-jaglr.com
ikeg-ger.xyz
yuzhou-shen.com
enohydra.com
lesentreprisesgerco.com
fivem-exotic.xyz
soarlend.com
deuxcentsept.com
bbellitia.com
nasshope.net
emasign.com
ksa-onlinetravel.com
auotomoney.com
globalcovidalliance.net
theorigins.xyz
fengshuo99.com
lly03toyof4.xyz
thelifenegotiator.com
sexytessa.com
i8s3.com
mendingplace.net
ddnnaoto.com
lumichargeinfo.com
ehs68.com
digitalfiattrading.com
comouv.com
cunnters.com
bomboninc.com
singeme.com
bnbape.com
wjslhj.com
esiroyuncu.com
99101.net
metagforce.club
odavideo.xyz
strantexop.com
id-214381.store
geektranslate.com
ddpuertorico.com
monespacesanitaire.com
33sexy.com
vitrerie75016.net
tanisan.cloud
vwdtransportllc.com
nnw.photography
covid19.kim
accraacaalumni.com
moleculairescents.com
espeeusa.xyz
terravillaliberia.com
prakunyukmai.com
tennesseewagering.com
phdwiser.com

Note: Xloader (the successor of Formbook) embeds 64 decoy domains alongside its real C2 and beacons to decoys as well as to the real server. Nothing in this dump marks which entry is the real C2, and several of the decoys are legitimate sites, so treat the list as an infection indicator for DNS and proxy hunting rather than as a blocklist of attacker infrastructure.
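The practical use of the extracted list is hunting for hosts that resolved these names. The Python below is an added example (not part of the report or of the sandbox) that loads the 65 domains from the config above, matches DNS log lines on label boundaries so that www.soarlend.com hits but notsoarlend.com does not, and then flags only hosts that resolved several distinct config domains, because a single lookup of one of these names can be an ordinary visit to a legitimate decoy. The log lines are constructed in a dnsmasq-style "query[TYPE] name from client" shape, which is an assumed format for the example, not telemetry from this run.

```python
import re

# The 65 domains from the extracted xloader config above (copied from the report, not constructed).
XLOADER_BKQI_DOMAINS = frozenset("""
woodbridgelearninglab.com kalexandynle.xyz hallibrewerproductions.com cuevasconencanto.com
starfishexuma.com douwuba.com dexandrue.com aprendes.academy
enderisler.com alstartnpasumo6.xyz 3dysp.com myhousesfit.com
thousandoaks-jaglr.com ikeg-ger.xyz yuzhou-shen.com enohydra.com
lesentreprisesgerco.com fivem-exotic.xyz soarlend.com deuxcentsept.com
bbellitia.com nasshope.net emasign.com ksa-onlinetravel.com
auotomoney.com globalcovidalliance.net theorigins.xyz fengshuo99.com
lly03toyof4.xyz thelifenegotiator.com sexytessa.com i8s3.com
mendingplace.net ddnnaoto.com lumichargeinfo.com ehs68.com
digitalfiattrading.com comouv.com cunnters.com bomboninc.com
singeme.com bnbape.com wjslhj.com esiroyuncu.com
99101.net metagforce.club odavideo.xyz strantexop.com
id-214381.store geektranslate.com ddpuertorico.com monespacesanitaire.com
33sexy.com vitrerie75016.net tanisan.cloud vwdtransportllc.com
nnw.photography covid19.kim accraacaalumni.com moleculairescents.com
espeeusa.xyz terravillaliberia.com prakunyukmai.com tennesseewagering.com
phdwiser.com
""".split())

# Constructed resolver log lines in a dnsmasq-like shape (assumed format, not real telemetry).
SAMPLE_DNS_LOG = """\
Apr  3 09:12:01 gw dnsmasq[812]: query[A] www.thelifenegotiator.com from 10.0.0.17
Apr  3 09:12:02 gw dnsmasq[812]: query[A] ocsp.digicert.com from 10.0.0.17
Apr  3 09:12:03 gw dnsmasq[812]: query[A] www.soarlend.com from 10.0.0.17
Apr  3 09:12:03 gw dnsmasq[812]: query[A] www.bnbape.com from 10.0.0.17
Apr  3 09:12:04 gw dnsmasq[812]: query[A] WOODBRIDGELEARNINGLAB.COM. from 10.0.0.17
Apr  3 09:12:05 gw dnsmasq[812]: query[A] www.aprendes.academy from 10.0.0.42
Apr  3 09:12:06 gw dnsmasq[812]: query[A] notsoarlend.com from 10.0.0.42
Apr  3 09:12:07 gw dnsmasq[812]: query[AAAA] example.org from 10.0.0.42
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")


def normalize(name):
    """Lower-case a queried name and drop the trailing dot of a fully qualified name."""
    return name.lower().rstrip(".")


def matching_ioc(name, iocs):
    """Return the IOC domain that `name` equals or is a subdomain of, else None.

    Walking label suffixes (rather than substring search) keeps notsoarlend.com
    from matching soarlend.com while still catching www.soarlend.com.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(text, iocs=XLOADER_BKQI_DOMAINS):
    """Map each client IP to the list of (queried_name, matched_ioc) pairs it produced."""
    hits = {}
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = matching_ioc(m["name"], iocs)
        if ioc:
            hits.setdefault(m["client"], []).append((m["name"], ioc))
    return hits


def likely_infected(hits, min_distinct=3):
    """Clients that resolved at least `min_distinct` different config domains.

    Xloader beacons to decoys as well as its real C2 and many decoys are legitimate
    sites, so one lookup may be benign; several distinct config domains from one
    host in a short window is the signal worth escalating.
    """
    return sorted(client for client, pairs in hits.items()
                  if len({ioc for _, ioc in pairs}) >= min_distinct)


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for client, pairs in found.items():
        print(client, pairs)
    print("likely infected:", likely_infected(found))
```

Lowering `min_distinct` to 1 turns this into a plain IOC match; keep the threshold when the list feeds an alert rather than a hunt, since the decoys are chosen precisely so that traffic to them looks ordinary.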
Targets

Target: 9c990c091e85d7c7530e8b3c3e1631f9_JaffaCakes118
Size: 480KB
MD5: 9c990c091e85d7c7530e8b3c3e1631f9
SHA1: 9db0555370cc85e5bd4194e267d84768910d8ac5
SHA256: 784425a3324d90d5d4028f545c946ac1b39eacd8875f6f182417e9e8621a5e0a
SHA512: f077753d9e7dc4a6d12f93131a0849f0855ff0b1a1c2534ce401b4e3ce8e1a8df66f3bbc0c1829199b614193e36ba5e8b8ed4f17bba2f2177278c353eb1d61ca
SSDEEP: 12288:2XZ8E2OZXGBaepXdDcUu5GPxR4jqH8OQlTD:2ZDVEaepXdTBPHQ

Signatures
Xloader payload
Suspicious use of SetThreadContext (the hallmark of process hollowing: a host process is started suspended, its image is replaced by the payload, and SetThreadContext points the primary thread at the injected entry point before ResumeThread; when hunting, look for SetThreadContext on a thread belonging to a different process that was created with CREATE_SUSPENDED)