General
-
Target
f20fdb6a62e4769eeaf17d24b9208258_JaffaCakes118
-
Size
743KB
-
Sample
240415-2arywahh79
-
MD5
f20fdb6a62e4769eeaf17d24b9208258
-
SHA1
c2876bb0ce1383350085783bb5fe851a9b4dadf1
-
SHA256
48f7f3f5ae41bcfefbf47d156939829070a28140c04d7de5c613a20a3415c0e7
-
SHA512
51cbb0513e0d6f39dc2e6d30f940743c7b32433294aa26b1f8af7a979ba95f1f24b80b66c81fd26d327070949597901d2c8ec826b8f20ff3f99dd6d2eae5887e
-
SSDEEP
12288:TeDs1BVQh8G71a4NQDOYyTjTtmJzOHZ+vuhxCVReS1z+V49qsTll9:9+h88uDJ+ssHguz2eSPqspl9
Malware Config
Extracted
xloader
2.5
e4nr
goldtruckclub.com
javshrimp.com
maeskhall.quest
smartlifeblockchain.net
omychiq.com
musclegearshop.com
namicoscorp.com
ncfqxxkj.com
verifique-banca.com
usadocnetwork.com
heartsurgerygroup.com
cbt-nightmares.com
libraprint.com
wh0n16.com
pompanopaintnsip.com
7aomoquzb9.com
cedse.com
karst-shop.com
target-checkbalances.com
infowebp.com
Targets
-
-
Target
f20fdb6a62e4769eeaf17d24b9208258_JaffaCakes118
-
Size
743KB
-
MD5
f20fdb6a62e4769eeaf17d24b9208258
-
SHA1
c2876bb0ce1383350085783bb5fe851a9b4dadf1
-
SHA256
48f7f3f5ae41bcfefbf47d156939829070a28140c04d7de5c613a20a3415c0e7
-
SHA512
51cbb0513e0d6f39dc2e6d30f940743c7b32433294aa26b1f8af7a979ba95f1f24b80b66c81fd26d327070949597901d2c8ec826b8f20ff3f99dd6d2eae5887e
-
SSDEEP
12288:TeDs1BVQh8G71a4NQDOYyTjTtmJzOHZ+vuhxCVReS1z+V49qsTll9:9+h88uDJ+ssHguz2eSPqspl9
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-