General

  • Target

    6850ea10453df9ba55f19aaab9322445_JaffaCakes118

  • Size

    981KB

  • Sample

    240401-fka78aed74

  • MD5

    6850ea10453df9ba55f19aaab9322445

  • SHA1

    55daafbcb4e4ccd9b64802dae321d31660d2502d

  • SHA256

    cdf04db4f38a3af95ce0441810eaa0919ec5b5f61d53976a8dcd2469d134de79

  • SHA512

    6756a6639ba95942c3c0fd6c237f8f281a301ab17c0f49499a967c5d674846e1173048b04ab79a977738247d04c255086adcb6517bcadb34e342738db572cd6e

  • SSDEEP

    24576:vWNWgJJKiiXCxh8eC/9qS64JGIS543eHS4PP0:vWWmKMgtJGIh6S4E

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g91q

Decoy

Targets

    • Detect ZGRat V1

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Xloader payload

    • Suspicious use of SetThreadContext
