General

  • Target

    54bb8fbbfe0a665ca59579a0240ce2f0_JaffaCakes118

  • Size

    821KB

  • Sample

    240331-p1ltbsbg2w

  • MD5

    54bb8fbbfe0a665ca59579a0240ce2f0

  • SHA1

    0b97e4463c76df4541179880902bb6966ef3f894

  • SHA256

    3bd841c6957e9fdb7e9d4558fb417dca9d7317d087cdbbb270155d9a6698e657

  • SHA512

    fd6ac3075702fffd66df3566015bd6b2d844f28f0dfc0c638bd9198479514479514cf506bfdd56a671efa233873f9313a8b36d80e0bcb78a88624abd9f9b5770

  • SSDEEP

    12288:Y+zIPiLYQkt3iJHGmWG3HhY8muu8Rsni2U1Rr6s5yuuETV/O:Y+zWiLYQZaGXhguu8ai2U

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    mqi9

  • Decoy

    spectehnika-rb.com
    daleproaudio.xyz
    cpw887.com
    gosbs-b01.com
    clarkmanagementhawaii.com
    taobaoi68.xyz
    hoppedchardonnay.com
    extremesavings.net
    newbiepanda.com
    arul-jegadish.com
    kellibrat.com
    avto-mercury.info
    percussionportal.com
    colorfulworldpublishing.com
    notvaccinatedjobs.com
    cattavida.com
    pioniersa.com
    yanduy.com
    mzjing.com
    piedmontpines.school

Targets

    • Target

      54bb8fbbfe0a665ca59579a0240ce2f0_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks