General

  • Target

    4f24647255d869d5f89f02b05886f6dd_JaffaCakes118

  • Size

    524KB

  • Sample

    240331-gs97ysff25

  • MD5

    4f24647255d869d5f89f02b05886f6dd

  • SHA1

    9d4629bdfe950ab15a06d6894b0d94ecd9ab48b4

  • SHA256

    e64b071b483c1bb818812cedb781acb23cb0f791d6485525f6fded9040537ce3

  • SHA512

    8dffc433843c290b50d6a021f74777bd88e3a61cbda0dbc590b19e1274754dffe45ed724c105428019b4a7def0c1a9816fe14db7c58d401bd8d26c61e176d74f

  • SSDEEP

    6144:5ZySSRjQRlUsunaPMIAWIpGFEYrUuUlFbcCQsb5JuDw7adZPLClTKnibNpMldnTy:6MKvndKEgOfczD5NLgKRjslgvG1ZWSB

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cu6s

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
