General
-
Target
abd030bf8bc89061525172a66d7b3529_JaffaCakes118
-
Size
797KB
-
Sample
240819-veka9svhjh
-
MD5
abd030bf8bc89061525172a66d7b3529
-
SHA1
75a5b2bf4b045b15e28d57f644acb346f94a828a
-
SHA256
8c40d61e9bc6b4bae1468a3ad4f944512a2b5abe3ac440b961efb6c7c490f248
-
SHA512
5423857f45d59bf5f03f460b77a8decfc40d8bbb2071f97441df87705dfc39b38dfcb9a3c3570f2661b70893d63b49293270dc3522f2171b90152ca5a46eaf26
-
SSDEEP
12288:FC5C59YV6MorX7qzuC3QHO9FQVHPF51jgctrcdX/xfLZK+jNnhvu11JlDk3C47Co:eBXu9HGaVHGxFtK+ZhQ4ZD
Malware Config
Extracted
xloader
2.5
fpdi
jencio.com
b9jty7.com
banahinvestments.com
capitolfurniture.net
jlvip1086.com
pompeyocargo.com
designbyshubhi.info
elbauldepecas.com
bracelexx.online
advanceporbrx.xyz
ruihongco.com
wipemirecord.com
goodfoodsme.com
sommpick.com
rangilugujarat.com
realestate5g.com
spunkdlashes.com
palisadestahoehousing.com
brandingsocal.com
privatejetsboston.com
Targets
-
-
Target
abd030bf8bc89061525172a66d7b3529_JaffaCakes118
-
Size
797KB
-
MD5
abd030bf8bc89061525172a66d7b3529
-
SHA1
75a5b2bf4b045b15e28d57f644acb346f94a828a
-
SHA256
8c40d61e9bc6b4bae1468a3ad4f944512a2b5abe3ac440b961efb6c7c490f248
-
SHA512
5423857f45d59bf5f03f460b77a8decfc40d8bbb2071f97441df87705dfc39b38dfcb9a3c3570f2661b70893d63b49293270dc3522f2171b90152ca5a46eaf26
-
SSDEEP
12288:FC5C59YV6MorX7qzuC3QHO9FQVHPF51jgctrcdX/xfLZK+jNnhvu11JlDk3C47Co:eBXu9HGaVHGxFtK+ZhQ4ZD
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-