General

  • Target

    3d4cf6591b9407874c6f08f82f55f93a_JaffaCakes118

  • Size

    537KB

  • Sample

    240330-q7da7sge82

  • MD5

    3d4cf6591b9407874c6f08f82f55f93a

  • SHA1

    eaa91eb85bbc8684b5bd5e3287fd9d9c7bcc10f1

  • SHA256

    fa73563a8ccbea57411fb4b9a5c713c1be3771e7c765a0b8e1100d0f4584c634

  • SHA512

    d4388e0aca6e3ffb35eb765f2b7bea6074fb535b3aacc44c50f0a95871f3c8c98508dc776c377ec5525d8478d8d05ad9c237eb82805919f22d2b2dc301ae7b2a

  • SSDEEP

    12288:1MaSBh+6YuIiclaeK2t3ysM1Me8/4aE/nZufqlxjf5K+gHF:1QB41iclaz2ZM1Me8QaE/nZyqPhK+gH

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

merc

Decoy


Targets

    • Target

      3d4cf6591b9407874c6f08f82f55f93a_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks