General

  • Target

    7ddf9139b29b7b35647dfa9e585023de_JaffaCakes118

  • Size

    397KB

  • Sample

    240401-3z21taaf4w

  • MD5

    7ddf9139b29b7b35647dfa9e585023de

  • SHA1

    ff9455ae69b531bf1864ece4ab90dd8186f1ae28

  • SHA256

    4e9cb6e83b7ea6e353bafe82262c6b1c1de8a5fb5517fa8bd8bd80b353ca472d

  • SHA512

    a4e66072f3bbb32e6f5594065eba358a05113c7e56b3e149c68dfd4905661489385af03e9a1d89d9c087a856a88c5ee699fc3c6f9a212962856988c89a81aad2

  • SSDEEP

    6144:agwqt/BtMSCT/xmu9DC1pZbpUhiGYcpskR+8O57P7/CpYQCbszjY:AqSSEUKDC15BGJekR+77lQ94

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sw39

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks