General

  • Target

    2fa16ad56bddf430daf16b4fb71a3e35_JaffaCakes118

  • Size

    727KB

  • Sample

    240330-a4p8laea22

  • MD5

    2fa16ad56bddf430daf16b4fb71a3e35

  • SHA1

    232e3017f62a609d0ff918c456ab67eb546be95c

  • SHA256

    09b4fb11c410620d69ddc6caf95405f3d10005726c2953ac99f56547f81942b0

  • SHA512

    4d3e9a4675ac9213a101aa7d6d90779bf80812a46d3f4bda8368bf9d3128bc0bc41e1891c868b8a441bf893f12254aa6e2229bfd97bb0f5706683f05180f0040

  • SSDEEP

    12288:m7TgkEM+oUl40fiJTrTEa0AmQOkFMnkSlf9gg+qydsLPo:QTg7o90fiZruQOkantf9

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

iwtr

Decoy

  • srikrishnadental.com
  • outthedoorinfive.com
  • batamgle.com
  • leela-13senses.com
  • iyhouse.space
  • brazzalb.com
  • camperinnrv.com
  • hageteruossan.com
  • alicepassion.com
  • wearethecardclinics.com
  • thenortherntechgroup.com
  • akademiarelacji.com
  • garu.club
  • brandscoop.net
  • ejassatulima.xyz
  • cdo-latam.com
  • noireimpactcollective.com
  • poquitotodo.com
  • g04urs14.com
  • mgytekstil.com

Targets

    • Target

      2fa16ad56bddf430daf16b4fb71a3e35_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks