General

  • Target

    607afbfc6f90d724bd7014ca4ab30be5_JaffaCakes118

  • Size

    560KB

  • Sample

    240331-2xl15see81

  • MD5

    607afbfc6f90d724bd7014ca4ab30be5

  • SHA1

    594b0adbea0f4145f234d862ac1c2fed4c7b638a

  • SHA256

    f6d328b383e179f3c0918c3e97964151319444ea9f22e0d667c831dfe8d26069

  • SHA512

    97db713be3938363e3776562608cc99c51ed1505b1ed839a164234e12fa1cf283bd1900b431e53d32a67c3a7c194ce1d9f1286bebef6903294a35d41bdbea6c4

  • SSDEEP

    12288:ug109D6dlL1G/mbwapy8gSBZQpFotwgNvV:ug0J6EmbwUyoBZLtt

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wogm

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks