General
-
Target
24d8e6cc929bb74585c94204900ee353_JaffaCakes118
-
Size
428KB
-
Sample
240704-gks9gazcnb
-
MD5
24d8e6cc929bb74585c94204900ee353
-
SHA1
c2d4590e3eb34aad43f2138e35d27454ec5be632
-
SHA256
e0f6a62ae1dfbd451655ef46b2d3f3267edd04fab1b9683a7087cfb89d40545d
-
SHA512
86e3f877b1faedad9cfa21588adafb28f0e45d25c48119555f661afb12b36b669ee1ea9ea6f21ab2dc2ac87ab9c2ceabe8ff5d9ec996809f3f131708854cf0e1
-
SSDEEP
6144:oka69q64IsC3PTuBZQTjFrHdv/OGOWKr8si+fssX6AkrfZlqpg2n94VK9gXt:oT6lDsMysTjBHdBOt8bAMpkRg9
Malware Config
Extracted
xloader
2.3
uidr
dulichsongcham.com
cash-royal.com
geneseewildlifetrapping.com
9cc9x79m3y2.com
ntjjzx.com
joinglooko.com
upmchealhtrak.com
hookandcask.com
orca-web.com
ag3holdings.com
empoweredinvestmentstx.com
lustywall.com
rcpelaurentides.com
goyalcoorchidnirvanatwo.homes
iotajinn.com
littlemlive.com
hippocratesbio.com
ashleysema.design
175a45.xyz
bpocompaniesphilippines.com
Targets
-
-
Target
Quotation.exe
-
Size
576KB
-
MD5
e1ebd51a52544a2ca2b2f8ac9a47a31c
-
SHA1
78c4acc43fedb4bf54220c7382b9a45c768aca3e
-
SHA256
f079d07d554c8fb387b3b5d040adb87504417def132f6e04578ecc0afd01eae6
-
SHA512
9bd32196620058a335ade12b0af4b94cddd37d2ed88004f1191e4f4fd7b805d6ebdad906c092c6d3d6e4859fa6ebd1902c0e9e15a29eeda7da1f1593797d7486
-
SSDEEP
12288:EzeaAF5gj58O4iwrhCB+jl9y1v2riq09qNZQNKF2AUjg7dA:E4gWO4vCBUg2rn091tA0gBA
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-