General

  • Target

    33273fa1d0b01c285fdf698595b5c4ec_JaffaCakes118

  • Size

    395KB

  • Sample

    240330-emzg6ahb89

  • MD5

    33273fa1d0b01c285fdf698595b5c4ec

  • SHA1

    fbdb907644615dd39422f5b9c1da8d84385996bf

  • SHA256

    2fc556b10085169a34786fba8c371d8fd89d62e69c19a6392d44edf21ffc2a50

  • SHA512

    d4d5ef0d2fdf47303148654e15fd53c62472562f27e61a105a8db125c4b4ed055691227a28fd368265c304bec1358ceba98f5d790647a63f75a804b512bf023b

  • SSDEEP

    6144:5F7Aaw+Gmi6rhsFqRzvMvDScbK7V7jXqX6m0G6TeWqGfzAY:8awNL6rh0gzkvm3hj1m0G6TP1l

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

a49i

Decoy


Targets

    • Target

      33273fa1d0b01c285fdf698595b5c4ec_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks