General

  • Target

    3d2df19218deddc9aaf1d8f50fe01fad_JaffaCakes118

  • Size

    567KB

  • Sample

    240330-q25s9sfg5w

  • MD5

    3d2df19218deddc9aaf1d8f50fe01fad

  • SHA1

    685eec2a218d449c93542093494f8ae6e0ace415

  • SHA256

    85af93a256b4ca0a3eaf46abb1aa51d5ecc6e42c11e7bad82fb849c217133826

  • SHA512

    28be24040983f5b5a82a2d18769960c3064ec8bb63c7b0e94162a98dfc0b0b489d01a92927ba0c85938f627da585c6345e091ab930d63154bada54fd10ae6ed5

  • SSDEEP

    12288:2napvg4sz9dYRZsDy+M7ysv+jNnhvu11JlDk3C47Co:2n4g4szgRZQ2v+ZhQ4ZD

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    fpdi

  • Decoy

    jencio.com
    b9jty7.com
    banahinvestments.com
    capitolfurniture.net
    jlvip1086.com
    pompeyocargo.com
    designbyshubhi.info
    elbauldepecas.com
    bracelexx.online
    advanceporbrx.xyz
    ruihongco.com
    wipemirecord.com
    goodfoodsme.com
    sommpick.com
    rangilugujarat.com
    realestate5g.com
    spunkdlashes.com
    palisadestahoehousing.com
    brandingsocal.com
    privatejetsboston.com

Targets

    • Target

      3d2df19218deddc9aaf1d8f50fe01fad_JaffaCakes118 (size and hashes as listed under General above)

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks