General
Target: ff397e1e4722dba8ae3c8242380f7062_JaffaCakes118
Size: 569KB
Sample: 240929-ylhb2axfjq
MD5: ff397e1e4722dba8ae3c8242380f7062
SHA1: 7a818469c2e889c030f59685aa6b424245f3c2ad
SHA256: 694117b21c4400edfe53b8d129cc2cdbd3cfbacb64aea3d2149dd43deb69b6b1
SHA512: 9da58f585342f29e9d336f4a4b59f5c6f4d53651e27563c551fe9973e350d2586b7ff28ebd94fd8161b8ab8f40d165d22e4a6b9f57c0626ecf48c57521b0e340
SSDEEP: 12288:aSZNW1cv0iiJS5cFsFSHli/cTSFep+dqF/nLdu8kbB7+lIoCWNc7:aKdrb5EsIHUFe7nxKNSlva7
Static task: static1
Behavioral task: behavioral1
Sample: RFQ_2345.exe
Resource: win7-20240704-en

Malware Config
Extracted: xloader 2.3 (bu2n)
Targets
Target: RFQ_2345.exe
Size: 789KB
MD5: 3b5d2404cde0045707b58adc2eada0bc
SHA1: 8b6885cc398d14d264c35064da5f5c7a1563b6b5
SHA256: 3cd1e0124a1fd0d922c432d01e909479692e7133dc1b33b739e7b9701b03444d
SHA512: b6bf4dfd354de57ffdf697dbfe97e24a3ed08ad8d1ffe7297415a994e803aef0aed9ce6afa74e823ce4517edfa816d22f95460e1f085d587f3ebcf1c4d94ca10
SSDEEP: 12288:fwBQSnZl+lZbAy/TYTXSNwRzli/cTSxep+dqQSnL/u8kbW7+lIBkcLxElV6iQQR1:fw18bHTcXSedUxeXnzKCSlmkmxEbP
- Xloader payload
- Deletes itself
- Suspicious use of SetThreadContext