General

  • Target

    6040407905ea1aa24dd58dc8befa4255_JaffaCakes118

  • Size

    682KB

  • Sample

    240331-2ppr3aed2t

  • MD5

    6040407905ea1aa24dd58dc8befa4255

  • SHA1

    96ecf27fd10a6663cbfaadb7643abeaf4061ea77

  • SHA256

    2f2831bdecd1f925134fd944fc57f84b76ffe872e01c66f3662f1f9194a4b362

  • SHA512

    d16e31ae6f510ab9f2f2474c064781c15e666f871a969f394f3e6590c7c1dabf19a98c62866e0342d4e6ec9cb40ab2f036c0d687c92f34df7527c340dae923f2

  • SSDEEP

    12288:hSBIB+gqzVl16yDr67jAkWoDq5jAyWb3PnB5JRU/V18H:sBVVmEJaqdAtj/RRGV

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mexq

Decoy

Decoy domains carried in the extracted config. XLoader (like Formbook before it) beacons to a random subset of these alongside its real C2 so the live host blends into the noise; most are legitimate third-party sites, so treat them as pivot keys for hunting rather than as block-list entries.

cyebang.com

hcswwsz.com

50003008.com

yfly624.xyz

trungtamhohap.xyz

sotlbb.com

bizhan69.com

brandmty.net

fucibou.xyz

orderinformantmailer.store

nobleminers.com

divinevoid.com

quickappraisal.net

adventuretravelsworld.com

ashainitiativemp.com

ikkbs-a02.com

rd26x.com

goraeda.com

abbastanza.info

andypartridge.photography
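The config block above is only useful once it is turned into something a SOC can act on. The script below is an added example written for this page (not Triage's own code): it parses the report's own text into a record, sanity-checks it (digest lengths, the Target name matching the MD5 as it does on this page, decoys being well-formed hostnames), and emits hunting entries that keep the decoy caveat attached to each domain. The action labels and the check rules are this example's own choices.

```python
"""Turn the report's extracted XLoader config and sample hashes into a checked
IOC record.  Added example for this page, not Triage's own code; REPORT_TEXT is
copied from the page, the checks and action labels are this example's choices."""
import re

# Copied from the "General" and "Malware Config" sections (blank lines dropped;
# the parser ignores them anyway).
REPORT_TEXT = """
Target
6040407905ea1aa24dd58dc8befa4255_JaffaCakes118
MD5
6040407905ea1aa24dd58dc8befa4255
SHA1
96ecf27fd10a6663cbfaadb7643abeaf4061ea77
SHA256
2f2831bdecd1f925134fd944fc57f84b76ffe872e01c66f3662f1f9194a4b362
Family
xloader
Version
2.5
Campaign
mexq
Decoy
cyebang.com
hcswwsz.com
50003008.com
yfly624.xyz
trungtamhohap.xyz
sotlbb.com
bizhan69.com
brandmty.net
fucibou.xyz
orderinformantmailer.store
nobleminers.com
divinevoid.com
quickappraisal.net
adventuretravelsworld.com
ashainitiativemp.com
ikkbs-a02.com
rd26x.com
goraeda.com
abbastanza.info
andypartridge.photography
"""

KEYS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP",
        "Family", "Version", "Campaign", "Decoy"}
MULTI = {"Decoy"}                      # fields that carry a list, not a single value
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HOSTNAME = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def parse_report(text):
    """A line naming a known field starts that field; following lines are its value(s)."""
    record, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in KEYS:
            key = line
            record.setdefault(key, [])
        elif key is not None:
            record[key].append(line)
    return {k: v if k in MULTI else " ".join(v) for k, v in record.items()}


def check_record(record):
    """Return a list of inconsistencies; an empty list means the record is self-consistent."""
    problems = []
    for name, length in DIGEST_LEN.items():
        value = record.get(name, "")
        if value and not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            problems.append(f"{name} is not a {length}-hex-digit digest: {value!r}")
    # On this page the Target name is the MD5 plus a suffix; the two must agree.
    if record.get("Target", "").split("_")[0] != record.get("MD5"):
        problems.append("Target name does not start with the MD5")
    for domain in record.get("Decoy", []):
        if not HOSTNAME.match(domain):
            problems.append(f"decoy is not a valid hostname: {domain!r}")
    return problems


def hunting_entries(record):
    """One entry per indicator.  The file hash is blockable; decoys are marked
    hunt-only because the malware picks them as cover and most are legitimate sites."""
    context = f"{record['Family']} v{record['Version']} campaign {record['Campaign']}"
    entries = [{"indicator": record["SHA256"], "type": "sha256", "action": "block", "context": context}]
    for domain in record["Decoy"]:
        entries.append({"indicator": domain, "type": "domain", "action": "hunt-only",
                        "context": context + " (decoy)"})
    return entries


if __name__ == "__main__":
    rec = parse_report(REPORT_TEXT)
    for problem in check_record(rec) or ["record is self-consistent"]:
        print(problem)
    for entry in hunting_entries(rec):
        print(entry["action"], entry["type"], entry["indicator"])
```

The hunt-only label is the point of the exercise: a DNS hit on one of these domains is a reason to look at the host that made it, not proof of C2 traffic, because the same domain is also reached by ordinary users.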

Targets

    • Target

      6040407905ea1aa24dd58dc8befa4255_JaffaCakes118

    • Size

      682KB

    • MD5

      6040407905ea1aa24dd58dc8befa4255

    • SHA1

      96ecf27fd10a6663cbfaadb7643abeaf4061ea77

    • SHA256

      2f2831bdecd1f925134fd944fc57f84b76ffe872e01c66f3662f1f9194a4b362

    • SHA512

      d16e31ae6f510ab9f2f2474c064781c15e666f871a969f394f3e6590c7c1dabf19a98c62866e0342d4e6ec9cb40ab2f036c0d687c92f34df7527c340dae923f2

    • SSDEEP

      12288:hSBIB+gqzVl16yDr67jAkWoDq5jAyWb3PnB5JRU/V18H:sBVVmEJaqdAtj/RRGV

    Score
    10/10
    • Xloader

      Xloader is the successor to the Formbook information stealer, rebranded in 2020 and sold as malware-as-a-service. It keeps Formbook's credential theft, form grabbing and keylogging, and its C2 scheme of one real server hidden among a list of decoy domains.

    • Xloader payload

    • Suspicious use of SetThreadContext (rewriting the context of a thread in another process is the step that redirects execution into injected code in process hollowing)
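The signature above fires on a single API call; what an analyst actually wants to confirm is the surrounding sequence. The detector below is an added example (not Triage's signature logic): it walks a sandbox-style API trace per caller/target pair and raises a high-severity alert only for the full hollowing chain, a suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread, with a lower-severity alert for any remote SetThreadContext outside that chain. The trace lines are constructed to resemble a sandbox API log and are not taken from this sample.

```python
"""Detect the API sequence behind the "Suspicious use of SetThreadContext"
signature: a child created suspended, written to, given a new thread context,
then resumed (process hollowing, ATT&CK T1055.012).  Added example, not
Triage's own signature logic; SAMPLE_TRACE is constructed and not from this sample."""

STEPS = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace: "<caller pid> <api> <target pid> [key=value ...]".
SAMPLE_TRACE = """
1640 CreateProcessW 3120 image=svchost.exe flags=CREATE_SUSPENDED
1640 NtUnmapViewOfSection 3120
1640 VirtualAllocEx 3120 protect=PAGE_EXECUTE_READWRITE
1640 WriteProcessMemory 3120 size=0x2a000
1640 WriteProcessMemory 3120 size=0x1000
1640 SetThreadContext 3120
1640 ResumeThread 3120
4410 SetThreadContext 4410
2780 OpenProcess 900 access=PROCESS_ALL_ACCESS
2780 SuspendThread 900
2780 SetThreadContext 900
2780 ResumeThread 900
5100 CreateProcessW 5200 image=installer.exe flags=CREATE_SUSPENDED
5100 ResumeThread 5200
"""


def parse_trace(text):
    """Each line becomes (caller pid, api name, target pid, set of key=value args)."""
    events = []
    for line in text.strip().splitlines():
        pid, api, target, *kv = line.split()
        events.append((int(pid), api, int(target), set(kv)))
    return events


def detect_hollowing(events):
    """Track one chain per (caller, target) pair; return alerts in trace order."""
    chains, alerts = {}, []
    for pid, api, target, kv in events:
        if pid == target:
            continue  # a process adjusting its own threads is routine (SEH, fibers, debuggers)
        base = "CreateProcess" if api.startswith("CreateProcess") else api  # fold A/W variants
        seen = chains.setdefault((pid, target), [])
        if base == "CreateProcess":
            # Only a suspended start opens a hollowing chain; a normal start resets it.
            seen[:] = [base] if "flags=CREATE_SUSPENDED" in kv else []
        elif base in STEPS and seen and STEPS.index(base) == len(seen):
            # Steps must arrive in order; repeats (a second write) are simply ignored.
            seen.append(base)
            if len(seen) == len(STEPS):
                alerts.append({"severity": "high", "rule": "process_hollowing",
                               "source_pid": pid, "target_pid": target, "sequence": list(seen)})
        if base == "SetThreadContext" and "SetThreadContext" not in seen:
            # Remote context change that is not part of a hollowing chain: thread
            # hijacking into an existing process, or a debugger; worth a look, lower confidence.
            alerts.append({"severity": "medium", "rule": "remote_setthreadcontext",
                           "source_pid": pid, "target_pid": target, "sequence": [base]})
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(parse_trace(SAMPLE_TRACE)):
        print(alert["severity"], alert["rule"], alert["source_pid"], "->",
              alert["target_pid"], " > ".join(alert["sequence"]))
```

The two negative cases in the trace matter as much as the positive one: pid 4410 changing its own thread context and pid 5100 starting a child suspended and simply resuming it both produce no alert, which is what keeps the rule from firing on debuggers and installers.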
