General
Target: ca68a998d9ed33841178fd898456fa70_JaffaCakes118
Size: 455KB
Sample: 240405-epq9kabg3v
MD5: ca68a998d9ed33841178fd898456fa70
SHA1: 5bf8490907f77aee7999ac5826a648ac2aaf4a64
SHA256: a16f2d423430943200368f83b9a96afc304d51d94e04559a456491632948799d
SHA512: a2e520583dc489897db757ff113df161e0110e48122f0a5730c742dbd415f454f35dfa458016853268a0e7e0f11cc13a2490249c7a130e53bec34aa999239d6c
SSDEEP: 6144:VBlL/ykSl843lwnJnokuEQHV1i2OXiBa+vt8IL3AoEAS/IYWdPupQ9p3h/5PFXnN:DxSll2JQEQXxOgvRwoEJ2dWpUx/5PD
Static task: static1
Behavioral task: behavioral1
Sample: ca68a998d9ed33841178fd898456fa70_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ca68a998d9ed33841178fd898456fa70_JaffaCakes118.exe
Resource: win10v2004-20231215-en
Behavioral task: behavioral3
Sample: $PLUGINSDIR/vimwjoytbc.dll
Resource: win7-20240221-en
Behavioral task: behavioral4
Sample: $PLUGINSDIR/vimwjoytbc.dll
Resource: win10v2004-20240226-en
Malware Config
Extracted
xloader
2.5
b2c0
Targets
Target: ca68a998d9ed33841178fd898456fa70_JaffaCakes118
Signatures: Xloader payload; Loads dropped DLL; Suspicious use of SetThreadContext
Target: $PLUGINSDIR/vimwjoytbc.dll
Size: 24KB
MD5: 59d48d07a4dff9490eb5080e52b3fef5
SHA1: 6d7c3b754b744554e9397efd4c2529455abbddd7
SHA256: 63a1932abbb4a08a4c7e1d250433598fdf71f50be2686c9f4a420b57c9239f38
SHA512: c58555e0a3fe97bfad6909d1ce7ecfafdca13c0936ca12adfb67cc9707a629c15bb617e03c32adcbad299d8c35a7def50003b0159cb73155b4d53c9edb2df8b0
SSDEEP: 384:Mreew0hDTd6lzQk+L1ukTnZs3T8XjA4gOx9EqsbrpP+AMeg:0wId6J41u0n6D8Xdw/r3M
Score: 3/10