General

  • Target: 331c15b0107b096b2ccfbc4867c1e2f3_JaffaCakes118
  • Size: 554KB
  • Sample: 240330-elyt8shb69
  • MD5: 331c15b0107b096b2ccfbc4867c1e2f3
  • SHA1: c644a28a081f2ba43a3adc63cdd322f7769d5d23
  • SHA256: 15624bebe7e780932d151ba3b3a65ecd16b0762597a63b76e51f85c375261c10
  • SHA512: a968351a4ac257d72917e2f52c97a872d52eddd046a692a0d53ccdf3c9c2b1345ed138e9f2906a76beea7051f9584c73338b1b2350c150d84f704b69f265a378
  • SSDEEP: 12288:XNsMDSBCYZjoEbWjKsJzABY4wkPMwmsc251OV:aFBCY+EZMzWYW9LG

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: rca2
  • Decoy:
    bapzcosmetics.com
    skillsgage.com
    mingshiweiye.com
    dcc-compliance.com
    emprenbook.com
    firn.site
    haryanaricemil.com
    fleetwoodfoods.com
    jlnxhbkj.com
    surajsanyal.com
    jubakey.com
    auroraunitedshippingco.com
    propolis-surabaya.com
    vasinvestments.com
    breederschallenge.com
    tafcoo.com
    417motoringparts.com
    livemis.com
    drainassist.com
    kristenguestart.com

Targets

    • Target: 331c15b0107b096b2ccfbc4867c1e2f3_JaffaCakes118
    • Size: 554KB
    • MD5: 331c15b0107b096b2ccfbc4867c1e2f3
    • SHA1: c644a28a081f2ba43a3adc63cdd322f7769d5d23
    • SHA256: 15624bebe7e780932d151ba3b3a65ecd16b0762597a63b76e51f85c375261c10
    • SHA512: a968351a4ac257d72917e2f52c97a872d52eddd046a692a0d53ccdf3c9c2b1345ed138e9f2906a76beea7051f9584c73338b1b2350c150d84f704b69f265a378
    • SSDEEP: 12288:XNsMDSBCYZjoEbWjKsJzABY4wkPMwmsc251OV:aFBCY+EZMzWYW9LG

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks