General

  • Target: 40e29f642a24d2aae99c6ce61e05287d_JaffaCakes118

  • Size: 509KB

  • Sample: 240330-wexr2abf96

  • MD5: 40e29f642a24d2aae99c6ce61e05287d

  • SHA1: 08c759b93c052719fb7f09f057874d5a029a382e

  • SHA256: 030d67d113b2193c850c7ac4d993c571b478ce61d12b892a8feecc2938775d91

  • SHA512: 543f3c245622c55467290e4dc7a70621c4b003644b2e1c3e88f39e1aa965a304746935691069d5d5c9d1e4f1c8fc7ecf5773d37304988c8470cd08c582903280

  • SSDEEP: 12288:L0PJlc+p6/TOqZr6BlIwQNVmJKEi3updJgslkMb9rsbB:wPHR6/TO+cM7upMslkMb5sb

Malware Config

Extracted

  • Family: xloader

  • Version: 2.5

  • Campaign: b65i

  • Decoy:


Targets

    • Target

      40e29f642a24d2aae99c6ce61e05287d_JaffaCakes118


    • Detect ZGRat V1

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks