General
-
Target
589e7ca0f06ddb626d2ffb0cd5d96672_JaffaCakes118
-
Size
727KB
-
Sample
240729-w83v5syald
-
MD5
589e7ca0f06ddb626d2ffb0cd5d96672
-
SHA1
be4cac3604c3d698d8b1770304ac8be18967932d
-
SHA256
1277fb7fda4e11d5c61a6c07df4af7712070f01e002d54683c879c23e739519f
-
SHA512
3f4d39373c7e245acaeb47d5ed5b1a748111ba25aa7fb2256ad88577fae283990e335ab42a4129c49fa89328686fd4f07752da4f7036d9abad5727f2e82f84e6
-
SSDEEP
12288:XOL2EC+KNAlnSVi4dVNkKQqdiuV7a+u9LjyXyM+v9u6G1xgm:XGRYAlnG7T9V7a71j8L+Y6G1xg
Malware Config
Extracted
xloader
2.1
0tog
nordicgeneralcounsel.com
global1pbx.com
schoolcovidmap.com
asfsonline.net
landquestlandscape.com
streetsaheadleisure.com
acterialed.store
supremehtv.com
oregondst.com
gsmits.com
goldershealth.com
ideagroup.one
405eastfirststreetnapa.com
cleidgarciamarket.com
buybeatsbydre.com
icdr1.com
mydivinedelights.com
trotinette-electrique-shop.com
bigbrainmedialv.com
greatheightstours.com
Targets
-
-
Target
589e7ca0f06ddb626d2ffb0cd5d96672_JaffaCakes118
-
Size
727KB
-
MD5
589e7ca0f06ddb626d2ffb0cd5d96672
-
SHA1
be4cac3604c3d698d8b1770304ac8be18967932d
-
SHA256
1277fb7fda4e11d5c61a6c07df4af7712070f01e002d54683c879c23e739519f
-
SHA512
3f4d39373c7e245acaeb47d5ed5b1a748111ba25aa7fb2256ad88577fae283990e335ab42a4129c49fa89328686fd4f07752da4f7036d9abad5727f2e82f84e6
-
SSDEEP
12288:XOL2EC+KNAlnSVi4dVNkKQqdiuV7a+u9LjyXyM+v9u6G1xgm:XGRYAlnG7T9V7a71j8L+Y6G1xg
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-