General

  • Target

    34233e27d1e4aba51d71d9d62de90956_JaffaCakes118

  • Size

    565KB

  • Sample

    240330-fjpn8ahh55

  • MD5

    34233e27d1e4aba51d71d9d62de90956

  • SHA1

    549cf72dfb6975f41fb9dbdd2890006ddbc45a2b

  • SHA256

    ededb6d766af749e94f73861421ef24b36eacaf42aaa5d7f9aed7902e0c79f97

  • SHA512

    1523e7aa2e1e5d2369faa774c8bd962803892cb04bd23cc5e928bb00b553770fc50814c6338f5bf7dd55853e613dbdaca0386c4a7fd155ce672c0bd81f49dd61

  • SSDEEP

    6144:B7P6MFohvg666UqrlUA7AnPqPkQmQSrrH8/qMWvojtm7eGhk3kuCD/HyQb4bB8rQ:mhv5UamiLPorHSqotpCrrks50

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    p4qi

  • Decoy

    muhaart.com
    sherwoodrummages.com
    asw2utha4l.com
    circularsmartcity.com
    moebellueckoff.com
    bodeguitayolo.com
    schotinderoos.com
    brandianext.com
    shanxichangyou.com
    metaversecake.com
    fiyatsepetim.com
    14ideedumois.com
    brillenglas-experte.com
    evoprostaf.online
    dewaynehotline.com
    jadeshelf.com
    odhlzujfgl.com
    babyboybarozzini.com
    inndev.digital
    slywnk.com

Targets

    • Target

      34233e27d1e4aba51d71d9d62de90956_JaffaCakes118

    • Size

      565KB

    • MD5

      34233e27d1e4aba51d71d9d62de90956

    • SHA1

      549cf72dfb6975f41fb9dbdd2890006ddbc45a2b

    • SHA256

      ededb6d766af749e94f73861421ef24b36eacaf42aaa5d7f9aed7902e0c79f97

    • SHA512

      1523e7aa2e1e5d2369faa774c8bd962803892cb04bd23cc5e928bb00b553770fc50814c6338f5bf7dd55853e613dbdaca0386c4a7fd155ce672c0bd81f49dd61

    • SSDEEP

      6144:B7P6MFohvg666UqrlUA7AnPqPkQmQSrrH8/qMWvojtm7eGhk3kuCD/HyQb4bB8rQ:mhv5UamiLPorHSqotpCrrks50

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks