General
Target: ef8a8ee5715950972a071606db42faf7_JaffaCakes118
Size: 1.1MB
Sample: 240414-z8zehagg2s
MD5: ef8a8ee5715950972a071606db42faf7
SHA1: 0377d2e9eb57b8896694208c093d229b7819adda
SHA256: fc0e2a9e079a5b4e655a9df1c5ffff7d9a75253b67e19de4f6493cac7f1cc8de
SHA512: cc6a21a532becec572d9a667aad3fa223a8298c6f47581ef448c69af2920db6d9fae260844271a681f00469f196488a799943818a6821c4ec9b0e3e4a2c58170
SSDEEP: 12288:X8Dc9F3nC0Py3gAhowPAA8gdBaY1Tn43UXW05r7SATsr2f6E4zcI+j4hwIP5USnf:XYPAAKYVRt7Hft4zcf4ge3
Static task: static1
Behavioral task: behavioral1
Sample: ef8a8ee5715950972a071606db42faf7_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
xloader
2.3
m6t2
online-profile-verify.com
moderngypsydesignlabs.com
aptecnologiagricola.com
caprevenue.com
arcadems.com
feedbackresearchinstitute.net
shivbodhi.com
mesaglobalindustries.com
trumphonduras.com
ifwebecomeportland.info
toluar.com
thegreatoutdoor.store
tipp24.online
penyaluranpuk08.net
sheliaddesigns.com
robpaulmessage17.com
santacruzlist.com
reiki4me.com
856380512.xyz
systemsreform.com
cozyclubshop.com
it-helpnumbers.com
btbaidu.com
hanamokuren8.com
lamujernegocios.com
zpsog.com
janslee.com
chain-main.space
luxurygreetings.com
mastermailz.com
naturesbestphotogapher.com
ondecktalentllc.com
jantadarpan.com
shreemoye.com
gracedev3.net
bluegreenaddicts.com
sleepapneasd.com
forexrating.net
americandos.com
hersimu.com
atteosgardens.com
edotred.com
nqseodorbhvk.mobi
insanswers.com
ishdnw.com
fundamentalconsciousness.world
betterworldvisionaries.com
lookass.net
groupasia.net
scotprop.com
thebriarcollective.com
checkfind24.club
boatdisposalfortlauderdale.com
scoopbeatzz.com
drakborgen.com
e3office.express
indilar.com
russelmurray.net
8997199.com
tacatamd.com
lolobling.com
ezbuy.life
thedefilife.com
ssssssssdggfsdfgdf.com
hydrajuice.com
Targets
Target: ef8a8ee5715950972a071606db42faf7_JaffaCakes118
Size: 1.1MB
MD5: ef8a8ee5715950972a071606db42faf7
SHA1: 0377d2e9eb57b8896694208c093d229b7819adda
SHA256: fc0e2a9e079a5b4e655a9df1c5ffff7d9a75253b67e19de4f6493cac7f1cc8de
SHA512: cc6a21a532becec572d9a667aad3fa223a8298c6f47581ef448c69af2920db6d9fae260844271a681f00469f196488a799943818a6821c4ec9b0e3e4a2c58170
SSDEEP: 12288:X8Dc9F3nC0Py3gAhowPAA8gdBaY1Tn43UXW05r7SATsr2f6E4zcI+j4hwIP5USnf:XYPAAKYVRt7Hft4zcf4ge3
Xloader payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext