General
Target: 92c3d7e0f19c725646dc759eeb4c36e0_JaffaCakes118
Size: 1.2MB
Sample: 240813-mz8klathkr
MD5: 92c3d7e0f19c725646dc759eeb4c36e0
SHA1: f8c06791ecd35bb386c8a290c5f12eb02dc68c0f
SHA256: 6cef6976c4f45e3d2f0fc181f4efdf9850dd260bc89367ea2dbacad087ba34d3
SHA512: e0c94dd2887063a8306bc285a91aac477ab47b18dda3c6f74f3ac6187b438b9600efdde244d0327fd2889f09cd32e9cddead72e4dffd558d0da676608ed4c4cb
SSDEEP: 6144:Jx/MLiVFI8E2SO1l/oZzHACNIrl9F6G+WIEarFV:f1o8E2Scl4HMp9FzI9f
Static task: static1
Behavioral tasks (sample, sandbox resource):
behavioral1: shed.exe on win7-20240729-en
behavioral2: shed.exe on win10v2004-20240802-en
behavioral3: $PLUGINSDIR/System.dll on win7-20240705-en
behavioral4: $PLUGINSDIR/System.dll on win10v2004-20240802-en
behavioral5: d4xd.dll on win7-20240708-en
behavioral6: d4xd.dll on win10v2004-20240802-en
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign ID: r8pp
C2 domains (XLoader, like Formbook before it, embeds a single live C2 among a list of decoy hostnames, many of them benign registered sites, so treat every entry below as a candidate to corroborate with traffic or other samples rather than as confirmed attacker infrastructure):
ishqjewelery.com
gfshanta.xyz
koolbreath.info
ukarchitecturalglazing.com
safwewds.com
padshows.net
shynebrightrentals.com
gemstonewiz.net
anteplizade.com
garbagetrucksrule.com
mybeautifulplanetblog.com
princessi.com
beautyld.com
arrival-globe.com
peach-sandbox.finance
epsb2b.com
tomp3d.net
bostonm.info
inflectionadvice.com
servicesguidedata.com
stormybuzz.com
torellomountainwines.com
terrafirma-windows.com
beypil.com
ibluebaytvwdmal.com
bodadata.net
makaylabeauty.com
028zwz.com
amazon-i2.com
knowledgg.com
themontebelloatbiltmore.com
brandprtex.net
innovateitllc.com
diecuttingqueen.com
jamaistropcher.com
abcyao.com
lch567.com
shorenzan.net
travelxstudy.com
southtexasboatstorage.com
410advisory.com
sistemaaurora.com
jjkvic.com
fa-ecimb-is.net
rjsolutions1.com
calendarmeister.com
lpmconnect.com
karadenizturk.com
securereminderntflix.com
lengzu.net
naijafeeder.com
stpcdelarm.com
hrestyky.com
madabouttinseltown.net
looplaundry.com
ojaih20.com
cybernacle.life
eurdesen.site
fordvv.com
chihuahuas.website
shine-online.club
sweetleesoaps.com
hirassweets.com
bayanfoyle.com
theunioncigar.com
Targets

Target: shed.exe
Size: 295KB
MD5: c8b318ed16d918943d2fa406840738c4
SHA1: a61153eae1a7aee1ee57128f3f7284ed6592af30
SHA256: ad855c55e13ef5274a20805a3836b508c29cae12d0a2de2807aed08ed4090ddd
SHA512: dbe2be95fc13c607e81093ed4da10418a8d3b761a2c38179f3a5045fd2509d3c0e3b0ee589a55f3c8691d99ab2e48bc9575b60d1a26b391fd4b6e6a59e1acc31
SSDEEP: 6144:Gx/MLiVFI8E2SO1l/oZzHACNIrl9F6G+WIEarFVr:61o8E2Scl4HMp9FzI9fr
Signatures:
- Xloader payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext (SetThreadContext rewrites a thread's register set, including its instruction pointer; an installer has no legitimate reason to call it, and it is the step that hands execution to an injected payload in process hollowing and thread hijacking, so it is the strongest behavioural indicator in this list)

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: fccff8cb7a1067e23fd2e2b63971a8e1
SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
SSDEEP: 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score: 3/10
Note: $PLUGINSDIR is the temporary directory an NSIS installer unpacks its plug-ins into, and System.dll is the stock NSIS System plug-in, so this file is installer tooling rather than the payload; the low score is consistent with that, and the interesting behaviour is in the parent shed.exe.

Target: d4xd.dll
Size: 10KB
MD5: cc531db3ae7d662a2054f787c038762d
SHA1: 5f87a3836db1886d07a0d480cb7b72d89672d36a
SHA256: 9ca23ee06a0d89ba6a9b18bce1e3a7d94bf987df10234d2890d5e860d8a2790a
SHA512: e01ddaadf0efb4f4ec556e9882d02a51666a5cef118ec617f42c75bf80abb8566a6393fd6899fc76c9537eb66ef2c081fb5eec13f13bdc2a2ee74bd1b34d5632
SSDEEP: 192:w1fC8d6aoXnsYIx694C+SX/FOGXyCp2X+7FTpxRkSZDm:SC+6tyQj+SXtHFpLFTpxb
Score: 3/10
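The extracted config and the per-target hash and signature blocks above are exactly what an analyst turns into detections. The following is an added example (not code from the sandbox or from the page) that parses the report's flattened key/value layout into structured records, emits one Suricata DNS rule per C2 candidate domain, builds a hash index for matching files against the report, and maps two of the signature names to ATT&CK techniques. The embedded REPORT text is a constructed excerpt of this page (domain list shortened, hashes copied from the page); the ATT&CK mapping and the SID range starting at 1000001 are the editor's assumptions.

```python
"""Turn a flattened sandbox report (config + targets) into IOCs and detections."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt in the report's flattened key/value layout; the '-'
# lines are the same layout residue the page carries.
REPORT = """\
Malware Config
Extracted
xloader
2.3
r8pp
ishqjewelery.com
gfshanta.xyz
amazon-i2.com
Targets
-
Target
shed.exe
-
Size
295KB
-
MD5
c8b318ed16d918943d2fa406840738c4
-
Xloader payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-
Target
d4xd.dll
-
MD5
cc531db3ae7d662a2054f787c038762d
Score3/10 -
"""

SCALAR_FIELDS = {"Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,}$", re.I)
# Assumed ATT&CK mapping for the page's signature names (editor's choice).
ATTACK_MAP = {
    "Suspicious use of SetThreadContext": "T1055 Process Injection",
    "Deletes itself": "T1070.004 Indicator Removal: File Deletion",
}


@dataclass
class Target:
    name: str
    fields: dict = field(default_factory=dict)
    signatures: list = field(default_factory=list)
    score: str = ""


@dataclass
class Config:
    family: str
    version: str
    campaign: str
    domains: list


def parse_report(text):
    """Walk the token stream; '-' separator lines are dropped up front."""
    toks = [t.strip() for t in text.splitlines()]
    toks = [t for t in toks if t and t != "-"]
    config, targets, i = None, [], 0
    while i < len(toks):
        if toks[i] == "Extracted":            # family, version, campaign id, C2 list
            family, version, campaign = toks[i + 1:i + 4]
            i += 4
            domains = []
            while i < len(toks) and toks[i] != "Targets":
                if DOMAIN_RE.match(toks[i]):  # keep only syntactically valid hostnames
                    domains.append(toks[i].lower())
                i += 1
            config = Config(family, version, campaign, domains)
        elif toks[i] == "Target":
            t = Target(toks[i + 1])
            i += 2
            while i < len(toks) and toks[i] != "Target":
                cur = toks[i]
                if cur in SCALAR_FIELDS and i + 1 < len(toks):
                    t.fields[cur] = toks[i + 1]
                    i += 2
                elif cur.startswith("Score"):  # "Score3/10 -" -> "3/10"
                    t.score = cur[len("Score"):].strip(" -")
                    i += 1
                else:                          # anything else is a signature name
                    t.signatures.append(cur)
                    i += 1
            targets.append(t)
        else:
            i += 1
    return config, targets


def suricata_dns_rules(config, base_sid=1000001):
    """One dns.query rule per candidate domain; 'endswith' also catches subdomains."""
    return [
        f'alert dns any any -> any any (msg:"{config.family} {config.version} '
        f'campaign {config.campaign} C2 candidate {d}"; dns.query; '
        f'content:"{d}"; nocase; endswith; sid:{base_sid + n}; rev:1;)'
        for n, d in enumerate(config.domains)
    ]


def hash_index(targets):
    """hex digest -> target name for every md5/sha1/sha256 the report lists."""
    return {t.fields[f].lower(): t.name
            for t in targets for f in ("MD5", "SHA1", "SHA256") if f in t.fields}


def match_bytes(data, index):
    """Return the report target whose hash matches the given bytes, else None."""
    for alg in ("md5", "sha1", "sha256"):
        hit = index.get(hashlib.new(alg, data).hexdigest())
        if hit:
            return hit
    return None


def attack_techniques(target):
    return sorted({ATTACK_MAP[s] for s in target.signatures if s in ATTACK_MAP})


if __name__ == "__main__":
    cfg, tgts = parse_report(REPORT)
    print("\n".join(suricata_dns_rules(cfg)))
    for t in tgts:
        print(t.name, t.fields, t.signatures, attack_techniques(t))
```

Because the domain list mixes decoys with the live C2, the rules are written as candidates and should be tuned against your own DNS baseline before blocking; the hash index is the cheap first check for the dropped files on a host, and it is the SetThreadContext signature, not the hash, that survives a repack.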