General
Target: c3f2050787e70cc38227bb4489e46865_JaffaCakes118
Size: 248KB
Sample: 240404-2vtyzacf5x
MD5: c3f2050787e70cc38227bb4489e46865
SHA1: a6c0c399c51172400274049a0c938b9f7ad7411a
SHA256: 10012b6185457cc008e74c63602e39ccc862866cfecb5f2ab04b1aa9e9edde9a
SHA512: 5474e00a3264a5cfe51c6c5582962888f8fcc8482f423b7e5a69776c89d1de8ece6b2cf2902fe732607272b2006a6bb80a4003a3cba75b36e9628171cdb2f820
SSDEEP: 6144:wBlL/cunaDKUurO6gvBUnINSsHOhcUFXjE:CeunaDirO62C1s8TE
Static task: static1
Behavioral task: behavioral1
  Sample: c3f2050787e70cc38227bb4489e46865_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c3f2050787e70cc38227bb4489e46865_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/zglbbz.dll
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/zglbbz.dll
  Resource: win10v2004-20240226-en
Malware Config
Extracted: xloader 2.5 nqn4
Targets
Target: c3f2050787e70cc38227bb4489e46865_JaffaCakes118
Size: 248KB
MD5: c3f2050787e70cc38227bb4489e46865
SHA1: a6c0c399c51172400274049a0c938b9f7ad7411a
SHA256: 10012b6185457cc008e74c63602e39ccc862866cfecb5f2ab04b1aa9e9edde9a
SHA512: 5474e00a3264a5cfe51c6c5582962888f8fcc8482f423b7e5a69776c89d1de8ece6b2cf2902fe732607272b2006a6bb80a4003a3cba75b36e9628171cdb2f820
SSDEEP: 6144:wBlL/cunaDKUurO6gvBUnINSsHOhcUFXjE:CeunaDirO62C1s8TE
- Xloader payload
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/zglbbz.dll
Size: 28KB
MD5: 2a4a17df7d15fbdd5d79def67aa868c4
SHA1: 6f213e4f6c99e9cccc6f885a1fbc208e699bd7c3
SHA256: ce31d179d783748cf50244baf49d5a59643740c16c0fb77253ddf79b9b2b7048
SHA512: c9bfc03e6d92645f90c2a35f5b9b42226c4651f6bdafb4d99236f966e88dba3b8188bc44630f7b73cc7817b26f28ea78b72f016dbb845604ee03f0c96a9a0e8e
SSDEEP: 384:g97T95oBiNHxHGEahEewcswd3MevEFmJkkdoiWgAhdiFc5/aD9eBEL2WhYTn3gdh:gdp50G0thEwIevOklfCiy5/RBE6Sr
Score: 3/10