General

  • Target: 59f79b035cd8ba3d6dca9eb87ef27112_JaffaCakes118
  • Size: 439KB
  • Sample: 240331-we1tpagg22
  • MD5: 59f79b035cd8ba3d6dca9eb87ef27112
  • SHA1: 0d3cc4bce3db75ead10ad71aac4cee0b4824237f
  • SHA256: 5fe9001c1e05f129735710c4255cb9890f87a90024ac08c8278d0621f6f2ab10
  • SHA512: 8fc31da304aa2d8d109ff09aea6db24a45489e89fdf0e73a6a9e3026767c980c22be5e065cf2327b5ec09a1289dd158855a34a5767a995433bcbfa246c9cf865
  • SSDEEP: 6144:KWgEWwGEnzb8tJyv1rcLFKPENlfhhbB8igZhpU6Ak4wXVjYy9iiiiS:K+DGi8TbNlfbzgDp5Ak4weys

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: gab8
  • Decoy


Targets

    • Xloader: Xloader is a rebranded version of the Formbook malware.
    • Xloader payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15