General

  • Target

    3ab7cc4b50ba6c5998cff07ff9d85592_JaffaCakes118

  • Size

    566KB

  • Sample

    240330-m8l3ysdg51

  • MD5

    3ab7cc4b50ba6c5998cff07ff9d85592

  • SHA1

    0db4d7713d0eb2502ed4ea833b39fde50e1457c9

  • SHA256

    cb2498c922b05db5e9dcd6c6123bfa1568b0fffbb294afcc953159f2e848c257

  • SHA512

    1b046af534f3248419ea5f9bb01938f2bd8aabbcc48f5373763c41eac1d6292c5f5c281c23bc49211caf7fa2ae4568a2edfe16859d2158632061c60de0531111

  • SSDEEP

    6144:bW6MFohvg6X6UqrlwlthZ19MtFh4ydo5fhTA11yJfoDV5W8HIyUAk2Qat8CW+OJl:phvgUPTsFLd1Eox9HptQs8A0

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

a49i

Decoy

myprobioticspayme.com

shavers.today

cinqueportshealthcare.com

itmservicesincne.com

credit-comparison.com

xn--2kr800ab2z.group

onlinebiyoloji.online

risaki.net

americasgotargument.com

rosinterpro.com

cortadoresdejamon.biz

hotamourclub.art

boettcherlaw.com

nuciic.com

redesdelraco.com

chivang.com

yourkstreetexperience.com

yourwaykeji.com

natureate.com

bidyawasterecycling.com

Targets

    • Target

      3ab7cc4b50ba6c5998cff07ff9d85592_JaffaCakes118

    • Size

      566KB

    • MD5

      3ab7cc4b50ba6c5998cff07ff9d85592

    • SHA1

      0db4d7713d0eb2502ed4ea833b39fde50e1457c9

    • SHA256

      cb2498c922b05db5e9dcd6c6123bfa1568b0fffbb294afcc953159f2e848c257

    • SHA512

      1b046af534f3248419ea5f9bb01938f2bd8aabbcc48f5373763c41eac1d6292c5f5c281c23bc49211caf7fa2ae4568a2edfe16859d2158632061c60de0531111

    • SSDEEP

      6144:bW6MFohvg6X6UqrlwlthZ19MtFh4ydo5fhTA11yJfoDV5W8HIyUAk2Qat8CW+OJl:phvgUPTsFLd1Eox9HptQs8A0

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks