General
Target: ba9ca6b65a6e66f291cf4fd3449e0925_JaffaCakes118
Size: 251KB
Sample: 240404-rpx4bsag48
MD5: ba9ca6b65a6e66f291cf4fd3449e0925
SHA1: 2ffb987dcb591655799018dcbdb2d28735a7fae2
SHA256: bb8e1d48225b002a4da7d0c33051e7fc457e244ed610f536b87702439d978a46
SHA512: 41f45ae87874995c41e407ea9cca6bf9d98cb5dd3711e116bd51f7cb799e9f75e65420b584dcb9d9e785e028ee1e3b6e93948297dc0df8f4cd4669b0ba6a6352
SSDEEP: 6144:wBlL/cwhgl1Tgx26QyVSclufJQvRFc6cRMjWIXSCW0K:CeDW2YuxQvy2SSSCW0K
Static task: static1
Behavioral task: behavioral1 (sample ba9ca6b65a6e66f291cf4fd3449e0925_JaffaCakes118.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample ba9ca6b65a6e66f291cf4fd3449e0925_JaffaCakes118.exe, resource win10v2004-20240226-en)
Behavioral task: behavioral3 (sample $PLUGINSDIR/femlcb.dll, resource win7-20240319-en)
Malware Config
Extracted
xloader
2.5
rgv6
Targets

Target: ba9ca6b65a6e66f291cf4fd3449e0925_JaffaCakes118
- Xloader payload
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/femlcb.dll
Size: 32KB
MD5: 88bbe20c95a7e2352df7d65c94d93cf2
SHA1: 8c4c321d47545f1f061a87f2bd42d2a6de5b79a2
SHA256: e975fcf3ad5d55c2dfc08191accebee44e4b1b61334851817c11f8676ac664d6
SHA512: 08e1dcaa551b4e325fa8fbf77689cc7d8e2ebc04a7d4f8650a25211b45cd8017881ca825ba8c407708a0671eb2712317afbf389c1d3e4c5deccc46290145b8fc
SSDEEP: 384:7zrsC2BrZ/Ocfy2Dk20vgddVxTn0NvlXrk6Oh9QZ3Q3aAGVKCwhUgn2Xw3ooY7:7cVVaorT0Nprm9G/whUgnEVR
- Xloader payload
- Suspicious use of SetThreadContext