General

  • Target

    68f5efb97da868db08b04e74f271e89e_JaffaCakes118

  • Size

    418KB

  • Sample

    240401-f4hreafa48

  • MD5

    68f5efb97da868db08b04e74f271e89e

  • SHA1

    18805a2d7b3f04777dab91e298d1318caf6340e0

  • SHA256

    edcdd866b9fcf94a140c0b2586a8dab412c41777e4c3d74d876cf85cf48dbf85

  • SHA512

    1809ae3263e0903cde988e6def58355cbe3546b26594024ef20dcbca11c43387356412fc15e538a382eead2fa387295a64d63762cc9ac2dd43850a9dfcecd221

  • SSDEEP

    12288:fKYxlzrlfTNZO6ZdfcXcNVTGSCkHsVp267uU0iR/rIz:fPxlzrJNvzfcXIT1w26+

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bntn

Decoy

pollynfertility.com

frayahanson.com

longrunconsultancy.com

influencerimpactacademy.com

kentislandeats.com

71zkck.biz

835641.com

sklepmeki.store

lauradanielphotography.com

betnubhelp.com

invoicefunder.com

reignbeautycompany.com

eclipsegl.com

zacharyparkerporward5.com

alexiamalan.top

xn--299akkrtr22f.com

telex.business

pingsportsbet.com

fountainspringsrehab.com

intelbloodstock.com

Targets

    • Target

      68f5efb97da868db08b04e74f271e89e_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
