General
-
Target
d5e15de49142f442f0932e1f0634675b_JaffaCakes118
-
Size
478KB
-
Sample
240405-rgbv5aeb2y
-
MD5
d5e15de49142f442f0932e1f0634675b
-
SHA1
1e7a8c6b4c80f75ecee044a01ad5765de9f0f78f
-
SHA256
10a96288de8785786b009b94ee858093999c9b690991474b95455192b7622e0b
-
SHA512
fe5e7b39628f9e57850c8ce2eb410799bb65efeb0ab70c8824c5b72f2e82649880fed1b3d64dbd23eb552a0c037272a4305b71d7ef17b64ea4dfbb44437f01e2
-
SSDEEP
12288:DecAHyoOkNapEasXE8Q/Zd4+Fij+3G1x3DqumR9+LVizg1/X8dm6at1wuWpTx3ii:DeuaRnmRiV7pGGEj
Static task
static1
Behavioral task
behavioral1
Sample
d5e15de49142f442f0932e1f0634675b_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
xloader
2.5
ef6c
gicaredocs.com
govusergroup.com
conversationspit.com
brondairy.com
rjtherealest.com
xn--9m1bq8wgkag3rjvb.com
mylori.net
softandcute.store
ahljsm.com
shacksolid.com
weekendmusecollection.com
gaminghallarna.net
pgonline111.online
44mpt.xyz
ambrandt.com
eddytattoo.com
blendeqes.com
upinmyfeels.com
lacucinadesign.com
docomoau.xyz
xn--90armbk7e.online
xzq585858.net
kidzgovroom.com
lhznqyl.press
publicationsplace.com
jakante.com
csspadding.com
test-testjisdnsec.store
lafabriqueabeilleassurances.com
clf010.com
buybabysnuggle.com
uzmdrmustafaalperaykanat.com
levanttradegroup.com
arcflorals.com
kinglot2499.com
freekagyans.com
region10group.gmbh
yeyelm744.com
thehomedesigncentre.com
vngc.xyz
szesdkj.com
charlottewright.online
planetgreennetwork.com
pacifica7.com
analogueadapt.com
sensorypantry.com
narbaal.com
restaurant-utopia.xyz
golnay.com
szyyglass.com
redelirevearyseuiop.xyz
goldsteelconstruction.com
discovercotswoldcottages.com
geniuseven.net
apricitee.com
stopmoshenik.online
ya2gh.com
instatechnovelz.com
dbe648.com
seifjuban.com
conquershirts.store
totalcovidtravel.com
pamperotrabajo.com
satellitphonestore.com
fis.photos
Targets
-
-
Target
d5e15de49142f442f0932e1f0634675b_JaffaCakes118
-
Size
478KB
-
MD5
d5e15de49142f442f0932e1f0634675b
-
SHA1
1e7a8c6b4c80f75ecee044a01ad5765de9f0f78f
-
SHA256
10a96288de8785786b009b94ee858093999c9b690991474b95455192b7622e0b
-
SHA512
fe5e7b39628f9e57850c8ce2eb410799bb65efeb0ab70c8824c5b72f2e82649880fed1b3d64dbd23eb552a0c037272a4305b71d7ef17b64ea4dfbb44437f01e2
-
SSDEEP
12288:DecAHyoOkNapEasXE8Q/Zd4+Fij+3G1x3DqumR9+LVizg1/X8dm6at1wuWpTx3ii:DeuaRnmRiV7pGGEj
-
Xloader payload
-
Suspicious use of SetThreadContext
-