General
-
Target
b1e98b432deb419643d81c167fe0dc37_JaffaCakes118
-
Size
253KB
-
Sample
240404-gxledsha86
-
MD5
b1e98b432deb419643d81c167fe0dc37
-
SHA1
305c82fcc0699859e9fe11cc08f8678e23779a3e
-
SHA256
da0e2504009a426b799d9135979188e2c4533f69c2e981650afc51d5e8e320c2
-
SHA512
440e0429a4bb817b7ca9bb91f722b6678a6e443a0239a1a859e0de9d8d76f78a4a3c47b2a89b0340f97a9015d852b070788ae1fcc7e0b819115b45c702d661ed
-
SSDEEP
6144:wBlL/c7DTS77ZWSwgwNbXX3VQ+Zw3JlKKjzUh30RfGK54ydrBv:Ce76hw1NXXFx+KzERtdrh
Static task
static1
Behavioral task
behavioral1
Sample
b1e98b432deb419643d81c167fe0dc37_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
b1e98b432deb419643d81c167fe0dc37_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/evpz.dll
Resource
win7-20240221-en
Malware Config
Extracted
xloader
2.5
mxnu
insightmyhome.com
gabriellamaxey.com
029atk.xyz
marshconstructions.com
technichoffghosts.com
blue-ivy-boutique-au.com
1sunsetgroup.com
elfkuhnispb.store
caoliudh.club
verifiedpaypal.net
jellyice-tr.com
gatescres.com
bloomberq.online
crystaltopagent.net
uggs-line.com
ecommerceplatform.xyz
historyofcambridge.com
sattaking-gaziabad.xyz
digisor.com
beachpawsmobilegrooming.com
whitebot.xyz
zacky6.online
qlfa8gzk8f.com
scottjasonfowler.com
influxair.com
desongli.com
xn--w7uy63f0ne2sj.com
pinup722bk.com
haohuatour.com
dharmathinkural.com
hanjyu.com
tbrhc.com
clarityflux.com
meltonandcompany.com
revgeek.com
onehigh.club
closetu.com
yama-nkok.com
brandonhistoryandinfo.com
funkidsroomdecor.com
epilasyonmerkeziankara.com
265411.com
watch12.online
dealsbonaza.com
gold2guide.art
tomclark.online
877961.com
washingtonboatrentals.com
promovart.com
megapollice.online
taquerialoteria.com
foxsontreeservice.com
safebookkeeping.com
theeducationwheel.online
sasanos.com
procurovariedades.com
normandia.pro
ingdalynnia.xyz
campusguideconsulting.com
ashramseries.com
clubcupids.art
mortgagerates.solutions
deepscanlabs.com
insulated-box.com
naplesconciergerealty.com
Targets
-
-
Target
b1e98b432deb419643d81c167fe0dc37_JaffaCakes118
-
Size
253KB
-
MD5
b1e98b432deb419643d81c167fe0dc37
-
SHA1
305c82fcc0699859e9fe11cc08f8678e23779a3e
-
SHA256
da0e2504009a426b799d9135979188e2c4533f69c2e981650afc51d5e8e320c2
-
SHA512
440e0429a4bb817b7ca9bb91f722b6678a6e443a0239a1a859e0de9d8d76f78a4a3c47b2a89b0340f97a9015d852b070788ae1fcc7e0b819115b45c702d661ed
-
SSDEEP
6144:wBlL/c7DTS77ZWSwgwNbXX3VQ+Zw3JlKKjzUh30RfGK54ydrBv:Ce76hw1NXXFx+KzERtdrh
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/evpz.dll
-
Size
32KB
-
MD5
c820bfe346d35f1ed0d3017cadb8f16d
-
SHA1
a98131691df2b4445124304307130888050fe410
-
SHA256
439e5f590b4bea13a9bfb7c94bbd8fa99f45a310dc44c241db2375b4e8923cb3
-
SHA512
7d89e8677b46c3456559a0061f992be6169c63ec6a2a2eb7ec73ff36fe1fc28cbdbf3436c74fe528572b14f6865ec0f03e5480782243674ffc4423a00cefc66f
-
SSDEEP
384:uIbr7TBKwNuNjiVMauKBO1AhvxF756rLAK5GNrPAg9K8OtwBpYxjETl7:uIZfYNjCy1kxFsr5GNr195OccETp
-
Xloader payload
-
Suspicious use of SetThreadContext
-