General
-
Target
cd082d86c8243824b21969ef80ebd2e8_JaffaCakes118
-
Size
248KB
-
Sample
240405-hytylaeb31
-
MD5
cd082d86c8243824b21969ef80ebd2e8
-
SHA1
dae3abb03aaab4bed3733d8756b8ddca512c9806
-
SHA256
dc79715b1603acf022ff683ea5042eda16428d8d383d3779b292e8ea8c72f81a
-
SHA512
73218fbaf8b7ee9c6d729f30e88fcf7c491dd6af09bd06af5dd4ef956cc0243e2d4a2c7f04ea9e67f7a6242bdcc2fec174c8d3693e6a629ad04bcbbe86f0a5bf
-
SSDEEP
6144:wBlL/cyM+BhiUgI4kUV5+bwntgBVJm8QEAfwJYWAYisnAxRZ:Cei60bwtiJm8ZSw7AYissRZ
Static task
static1
Behavioral task
behavioral1
Sample
cd082d86c8243824b21969ef80ebd2e8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cd082d86c8243824b21969ef80ebd2e8_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/qjlai.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/qjlai.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
xloader
2.5
mxnu
insightmyhome.com
gabriellamaxey.com
029atk.xyz
marshconstructions.com
technichoffghosts.com
blue-ivy-boutique-au.com
1sunsetgroup.com
elfkuhnispb.store
caoliudh.club
verifiedpaypal.net
jellyice-tr.com
gatescres.com
bloomberq.online
crystaltopagent.net
uggs-line.com
ecommerceplatform.xyz
historyofcambridge.com
sattaking-gaziabad.xyz
digisor.com
beachpawsmobilegrooming.com
whitebot.xyz
zacky6.online
qlfa8gzk8f.com
scottjasonfowler.com
influxair.com
desongli.com
xn--w7uy63f0ne2sj.com
pinup722bk.com
haohuatour.com
dharmathinkural.com
hanjyu.com
tbrhc.com
clarityflux.com
meltonandcompany.com
revgeek.com
onehigh.club
closetu.com
yama-nkok.com
brandonhistoryandinfo.com
funkidsroomdecor.com
epilasyonmerkeziankara.com
265411.com
watch12.online
dealsbonaza.com
gold2guide.art
tomclark.online
877961.com
washingtonboatrentals.com
promovart.com
megapollice.online
taquerialoteria.com
foxsontreeservice.com
safebookkeeping.com
theeducationwheel.online
sasanos.com
procurovariedades.com
normandia.pro
ingdalynnia.xyz
campusguideconsulting.com
ashramseries.com
clubcupids.art
mortgagerates.solutions
deepscanlabs.com
insulated-box.com
naplesconciergerealty.com
Targets
-
-
Target
cd082d86c8243824b21969ef80ebd2e8_JaffaCakes118
-
Size
248KB
-
MD5
cd082d86c8243824b21969ef80ebd2e8
-
SHA1
dae3abb03aaab4bed3733d8756b8ddca512c9806
-
SHA256
dc79715b1603acf022ff683ea5042eda16428d8d383d3779b292e8ea8c72f81a
-
SHA512
73218fbaf8b7ee9c6d729f30e88fcf7c491dd6af09bd06af5dd4ef956cc0243e2d4a2c7f04ea9e67f7a6242bdcc2fec174c8d3693e6a629ad04bcbbe86f0a5bf
-
SSDEEP
6144:wBlL/cyM+BhiUgI4kUV5+bwntgBVJm8QEAfwJYWAYisnAxRZ:Cei60bwtiJm8ZSw7AYissRZ
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/qjlai.dll
-
Size
23KB
-
MD5
6c8b646db465cc86802da2d0998b6f41
-
SHA1
14718c272ce06b56bd65fc60d17ab19be45f8766
-
SHA256
ffe13c127deadbd715b04324469a50e3f88f4f2aa1497350052a579ec41cdeeb
-
SHA512
b957b26f07f31fdc9da2f72f87b4af03f94a8f1b2618d5c1fe1e69ddb571f1cda7412ced4e54e7c328f0695b758bffea5a9a6719ea104872a158d265b1185549
-
SSDEEP
384:S0pXHbgQvsQPECPkKhCb5Y9Wo+zFA14ivowvPyVmM12rgHQV4V:SEX7TPpPNClo+TOowvPyVnYgHQ+
Score3/10 -