General

  • Target

    7c48d5a7ae49ca4649503c6b41699d50_JaffaCakes118

  • Size

    389KB

  • Sample

    240401-2kmf5shb2t

  • MD5

    7c48d5a7ae49ca4649503c6b41699d50

  • SHA1

    a69ed59d393ee4929668a83323853ea752330c94

  • SHA256

    6d9669eccc50a3331c3138b4649edfe5e5096693ab4647696d5e1075c95b8fbf

  • SHA512

    a9a5dba7d5e21394c32d7d95b15b79ff3131121f478d469cdebbf06b49219e6e5fd230698f3bca550a5175a88a7f1f9f634644396d4ebcd0d13580a9dada3417

  • SSDEEP

    12288:TK1Gta0NmUDWVqLbHLJElYIx+ZCW6OP62IIs:Tr7NkVqPHLJECGWM2IIs

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g53s

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
