General
-
Target
c0eb90010d882e33340c40bde08474cb_JaffaCakes118
-
Size
257KB
-
Sample
240404-ya8pvaha29
-
MD5
c0eb90010d882e33340c40bde08474cb
-
SHA1
f76f7e4eff72ed9d5669cef62ecda5b65d051c84
-
SHA256
014fdffc1561ee767b1189c5b496f587d16ba7d394ca9d26d2e7d6f8541ebc92
-
SHA512
19cc012358ad74980a8f1e18bcad3718a5fb36559d5bbfe220c534c271cd8f2701cce06416438796b9dbcb97769d4b3467e0e23a13c49bc60e597e0a6ad49e13
-
SSDEEP
6144:F8LxBsM33J1rFUe7alz20oWieTVzbNFhNFYwENyshjvsGEOdxn:/M3frFL7MFviQVxFhQJhLs3Oj
Static task
static1
Behavioral task
behavioral1
Sample
c0eb90010d882e33340c40bde08474cb_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c0eb90010d882e33340c40bde08474cb_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/fgxbpquymg.dll
Resource
win7-20240319-en
Malware Config
Extracted
xloader
2.5
mxnu
insightmyhome.com
gabriellamaxey.com
029atk.xyz
marshconstructions.com
technichoffghosts.com
blue-ivy-boutique-au.com
1sunsetgroup.com
elfkuhnispb.store
caoliudh.club
verifiedpaypal.net
jellyice-tr.com
gatescres.com
bloomberq.online
crystaltopagent.net
uggs-line.com
ecommerceplatform.xyz
historyofcambridge.com
sattaking-gaziabad.xyz
digisor.com
beachpawsmobilegrooming.com
whitebot.xyz
zacky6.online
qlfa8gzk8f.com
scottjasonfowler.com
influxair.com
desongli.com
xn--w7uy63f0ne2sj.com
pinup722bk.com
haohuatour.com
dharmathinkural.com
hanjyu.com
tbrhc.com
clarityflux.com
meltonandcompany.com
revgeek.com
onehigh.club
closetu.com
yama-nkok.com
brandonhistoryandinfo.com
funkidsroomdecor.com
epilasyonmerkeziankara.com
265411.com
watch12.online
dealsbonaza.com
gold2guide.art
tomclark.online
877961.com
washingtonboatrentals.com
promovart.com
megapollice.online
taquerialoteria.com
foxsontreeservice.com
safebookkeeping.com
theeducationwheel.online
sasanos.com
procurovariedades.com
normandia.pro
ingdalynnia.xyz
campusguideconsulting.com
ashramseries.com
clubcupids.art
mortgagerates.solutions
deepscanlabs.com
insulated-box.com
naplesconciergerealty.com
Targets
-
-
Target
c0eb90010d882e33340c40bde08474cb_JaffaCakes118
-
Size
257KB
-
MD5
c0eb90010d882e33340c40bde08474cb
-
SHA1
f76f7e4eff72ed9d5669cef62ecda5b65d051c84
-
SHA256
014fdffc1561ee767b1189c5b496f587d16ba7d394ca9d26d2e7d6f8541ebc92
-
SHA512
19cc012358ad74980a8f1e18bcad3718a5fb36559d5bbfe220c534c271cd8f2701cce06416438796b9dbcb97769d4b3467e0e23a13c49bc60e597e0a6ad49e13
-
SSDEEP
6144:F8LxBsM33J1rFUe7alz20oWieTVzbNFhNFYwENyshjvsGEOdxn:/M3frFL7MFviQVxFhQJhLs3Oj
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/fgxbpquymg.dll
-
Size
27KB
-
MD5
0b97cba1e0824c22255acd7317ed649d
-
SHA1
5c015f2a900554ba0d2303f5da3ebbaa78f7940a
-
SHA256
1618a682392591c00a2ee82b7eb7f4f082ec34350ad30dbe619b57198688b1e8
-
SHA512
e14ff3d23a702ff88077155e4c3262abcb20ad4d63d95070ad27046284db1ecaa586cef4a8ab22d1dd7d0361966d24f418d039cc04a52309ab9314f7fa58f123
-
SSDEEP
768:1oFujLc9Rml6Y8fFbSNAkYaX7mpBfZC3/NcSPcM2:6kLUmlFKzasBBC3/NcnR
-
Xloader payload
-
Suspicious use of SetThreadContext
-