General
-
Target
27c225daac0c41786f416a73f6d4ee60_JaffaCakes118
-
Size
736KB
-
Sample
240329-vmpwqadg26
-
MD5
27c225daac0c41786f416a73f6d4ee60
-
SHA1
2be9b42b658709ffb1f8326992668f64cb0b3690
-
SHA256
582ac71b89432d6b319e3fc21336c30090195549d9f9643a49cebf6a3e2ee05f
-
SHA512
b569fdfd7e7a2764e640dc8571a4c4f051ee3e1215d19cc7425e18e5c252346e4e2f2bbb693079529b3f9c8fe35f6e9ae6a25b8db5ab1b6a8201fd08ce9641ae
-
SSDEEP
12288:oKSbh08OGQuZLvqJFTPpGa9RMRGzkjPz3ICI1FHe2JWk3n9gbnLk3:ZnGQYTqlQGzkj7IC4e2L
Malware Config
Extracted
xloader
2.5
xc52
koebnertriangle.com
maltbahis74.com
invisionment.com
buzzcupid.com
portavellarestaurant.com
vegan-mexican.com
magotan100.com
focalpatio.com
teammissouri.club
marketplacejoy.com
cxz6.com
bettersalud.info
viesereine.net
neondashboard.com
linuxsauce.net
samuelcollie.com
lavishlylashed.net
gosseinsag.com
isaeitaly.com
mediakal-sa.net
Targets
-
-
Target
27c225daac0c41786f416a73f6d4ee60_JaffaCakes118
-
Size
736KB
-
MD5
27c225daac0c41786f416a73f6d4ee60
-
SHA1
2be9b42b658709ffb1f8326992668f64cb0b3690
-
SHA256
582ac71b89432d6b319e3fc21336c30090195549d9f9643a49cebf6a3e2ee05f
-
SHA512
b569fdfd7e7a2764e640dc8571a4c4f051ee3e1215d19cc7425e18e5c252346e4e2f2bbb693079529b3f9c8fe35f6e9ae6a25b8db5ab1b6a8201fd08ce9641ae
-
SSDEEP
12288:oKSbh08OGQuZLvqJFTPpGa9RMRGzkjPz3ICI1FHe2JWk3n9gbnLk3:ZnGQYTqlQGzkj7IC4e2L
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Suspicious use of SetThreadContext
-