General

  • Target: 3b77846a9994bac7c3608df6ca04d036_JaffaCakes118
  • Size: 1.1MB
  • Sample: 240330-n8frlsfb59
  • MD5: 3b77846a9994bac7c3608df6ca04d036
  • SHA1: 04e3c629e5b3cb7f9473019496cfe8016a2d0c46
  • SHA256: 6d2abaaa61c35b3bc1cf8ae531dd9505406379b70f414f806974d0202365d14e
  • SHA512: d295e477be4bc47e99aabb59f5bfe415104359356eacf510450e817285398b7d2a373d9786af56d394667a71f3532223b084496f9c064d4d42464a80564c5b98
  • SSDEEP: 24576:cLEHFWFOBofuOs14lNyRUsKCvhYKyxyaOIGrjB:coHtBDN4mysLvhRyxBO7

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: fqiq
  • Decoy


Targets

    Score: 10/10

    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
