General

  • Target

    699589bd45b3cfbe2800dd137a56619d_JaffaCakes118

  • Size

    653KB

  • Sample

    240401-gl741sfa9w

  • MD5

    699589bd45b3cfbe2800dd137a56619d

  • SHA1

    c7a5efbb84d4c748556c38c39da5f30fddb4a1a6

  • SHA256

    0ce4e2f71989e9a0a4aef640b12237135e2be4b037f9cf533ca7925224e9daa8

  • SHA512

    8c073234aa0d08c1d6d2fd2e1f42eaa2750cb0423fde65dae8be9de525e69be656ebb7f64aebbd89aa3a9369bddb76ad6c95518828550de966c8c00b17c29680

  • SSDEEP

    12288:6vf3jRILfwanROnheVzCrZLW5xZWutzZz15SgO:kILQGz+FW5P1tzlK

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mqi9

Decoy (domains the sample contacts to mask its real C2 traffic; the list mixes in legitimate sites, so a host-only match is a weak indicator)

spectehnika-rb.com

daleproaudio.xyz

cpw887.com

gosbs-b01.com

clarkmanagementhawaii.com

taobaoi68.xyz

hoppedchardonnay.com

extremesavings.net

newbiepanda.com

arul-jegadish.com

kellibrat.com

avto-mercury.info

percussionportal.com

colorfulworldpublishing.com

notvaccinatedjobs.com

cattavida.com

pioniersa.com

yanduy.com

mzjing.com

piedmontpines.school
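The following is an added example and not part of the tria.ge report or the sandbox's own tooling. It copies the hashes and the extracted xloader config from this page into a small triage script that (1) checks the report fields for internal consistency (hex lengths, the MD5 prefix of the sample name, the ssdeep block size) and (2) runs a constructed proxy log against the decoy list. It assumes the usual Formbook/Xloader beacon layout, in which the campaign ID appears as the URI path `/<campaign>/`, and that beacons may use a `www.` host prefix; the log lines are constructed for the demo, and the `high`/`medium`/`low` tiers are this example's own convention.

```python
"""Triage helpers built from the xloader report fields above (added example)."""
import re
from typing import Dict, List, Tuple

# Values copied from the report on this page.
REPORT = {
    "target": "699589bd45b3cfbe2800dd137a56619d_JaffaCakes118",
    "md5": "699589bd45b3cfbe2800dd137a56619d",
    "sha1": "c7a5efbb84d4c748556c38c39da5f30fddb4a1a6",
    "sha256": "0ce4e2f71989e9a0a4aef640b12237135e2be4b037f9cf533ca7925224e9daa8",
    "ssdeep": "12288:6vf3jRILfwanROnheVzCrZLW5xZWutzZz15SgO:kILQGz+FW5P1tzlK",
    "family": "xloader",
    "version": "2.5",
    "campaign": "mqi9",
    "decoy": [
        "spectehnika-rb.com", "daleproaudio.xyz", "cpw887.com", "gosbs-b01.com",
        "clarkmanagementhawaii.com", "taobaoi68.xyz", "hoppedchardonnay.com",
        "extremesavings.net", "newbiepanda.com", "arul-jegadish.com",
        "kellibrat.com", "avto-mercury.info", "percussionportal.com",
        "colorfulworldpublishing.com", "notvaccinatedjobs.com", "cattavida.com",
        "pioniersa.com", "yanduy.com", "mzjing.com", "piedmontpines.school",
    ],
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def check_report_consistency(report: dict) -> List[str]:
    """Return a list of problems found in the report fields; empty means consistent."""
    problems = []
    for name, length in HEX_LENGTHS.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, report[name]):
            problems.append(f"{name} is not {length} lowercase hex characters")
    # The sample is named "<md5>_<suffix>"; the prefix must equal the MD5 field.
    if report["target"].split("_", 1)[0] != report["md5"]:
        problems.append("target name prefix does not match md5")
    return problems


def parse_ssdeep(digest: str) -> Tuple[int, str, str]:
    """Split 'blocksize:hash1:hash2'; ssdeep block sizes are always 3 * 2**n."""
    block, h1, h2 = digest.split(":")
    size = int(block)
    n = size // 3
    if size % 3 or n & (n - 1):
        raise ValueError(f"invalid ssdeep block size {size}")
    return size, h1, h2


# Constructed log format (assumption): timestamp src method host path status
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>GET|POST) (?P<host>\S+) (?P<path>\S+) (?P<status>\d+)$"
)


def classify_request(host: str, path: str, report: dict) -> str:
    """Tier a proxied request against the extracted config.

    high   : host is a config domain AND path is the campaign path /<campaign>/
    medium : campaign path only (the real C2 need not be in the decoy list)
    low    : host matches only (decoys include legitimate sites)
    none   : nothing matched
    """
    host = host.lower().rstrip(".")
    # Accept the bare domain or any subdomain of it (beacons often use a www. prefix).
    in_list = any(host == d or host.endswith("." + d) for d in report["decoy"])
    campaign_path = path.startswith(f"/{report['campaign']}/")
    if in_list and campaign_path:
        return "high"
    if campaign_path:
        return "medium"
    if in_list:
        return "low"
    return "none"


def triage_log(text: str, report: dict) -> Dict[str, List[str]]:
    """Bucket each parsable log line by tier; unparsable lines are skipped."""
    buckets: Dict[str, List[str]] = {"high": [], "medium": [], "low": [], "none": []}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            buckets[classify_request(m["host"], m["path"], report)].append(line)
    return buckets


# Constructed sample proxy log (not real traffic from the sandbox run).
SAMPLE_PROXY_LOG = """\
2024-04-01T10:00:01Z 10.0.0.5 GET www.extremesavings.net /deals/ 200
2024-04-01T10:00:02Z 10.0.0.5 GET extremesavings.net /mqi9/?Fz=PEvF1gWmaW 200
2024-04-01T10:00:03Z 10.0.0.5 POST cattavida.com /mqi9/ 200
2024-04-01T10:00:04Z 10.0.0.7 GET example.org /mqi9/ 404
2024-04-01T10:00:05Z 10.0.0.7 GET example.org /index.html 200
"""

if __name__ == "__main__":
    print("report problems:", check_report_consistency(REPORT))
    print("ssdeep block size:", parse_ssdeep(REPORT["ssdeep"])[0])
    for tier, lines in triage_log(SAMPLE_PROXY_LOG, REPORT).items():
        print(tier, len(lines))
```

Only the `high` bucket is worth paging on: the first log line hits a listed domain but is an ordinary page fetch, which is exactly the false positive a blind blocklist of the decoy list would generate.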

Targets

    • Target

      699589bd45b3cfbe2800dd137a56619d_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook malware, an information stealer and form grabber sold as malware-as-a-service.

    • Xloader payload

    • Suspicious use of SetThreadContext (rewriting another thread's context is the step process-hollowing style injection uses to redirect a suspended thread into injected code)

MITRE ATT&CK Matrix

Tasks