General
Target: 89c4a6e31301426a02becec20396c705_JaffaCakes118
Size: 366KB
Sample: 240811-ky1ggsshpl
MD5: 89c4a6e31301426a02becec20396c705
SHA1: 05c4fea9da4124f3e2fa721ce9c3543a59723a7a
SHA256: 7dd8ab4b5aad43b6571ac2b5f543dbf23aef7847ae4eb395340808ea11a5f9b0
SHA512: 75093cdd8fbb5f84b32e1a4d98d6e56890dacfe4f39d9a13c25be84fc9f0684638cf2340e17d1f5f99a7bdbff13d3c9a338c1827886d340978a629e54d37722c
SSDEEP: 6144:+ys4x2J/ib3gpk7PLVYd9AcAVjHjI/V31IIGSBRlvbfe7vP+kcyB9hHy8oAoUwVO:TXx2J/vpILVYrAcFd31f1DZpq9hybbVO
Static task: static1
Behavioral task: behavioral1
Sample: P.O-48452689535945.exe
Resource: win7-20240704-en
Malware Config
Extracted
xloader
2.3
h3qo
Targets
Target: P.O-48452689535945.exe
Size: 521KB
MD5: 579c372392d600a9ef621ae4c1f7341a
SHA1: e4fb160d99727aa5ffee784c9a5f52f6581704ee
SHA256: f564f410274ccf48d4513984d1da95edefa874a555f5e7d95fae7f9cc1f46b6b
SHA512: 1c744f5d9b4bb04e0ed84bc66ad6a4970e2ff18da28a4c2b9910683821c6fe43ad585e22c56fbb26e1c0db547c7e58d432ffb9c1186da81b47c7f13e7335755f
SSDEEP: 6144:0uq2lrmbYS9j7tCiyEKAm63z9EZgVY+RQbwesfqFi/mpZ5bjf9VAZUUryjzbi:0WCbYQjoiuM3J0CyFzxVAZnreXi
- Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
- Xloader payload
- Deletes itself
- Suspicious use of SetThreadContext