General

  • Target

    6f458a706a5d5e0a65adaceec728d6c8_JaffaCakes118

  • Size

    347KB

  • Sample

    240401-l97klscc26

  • MD5

    6f458a706a5d5e0a65adaceec728d6c8

  • SHA1

    5d623230470043f8a55a426e2b95b1501cd96820

  • SHA256

    9f55a497a04ad1181a75185f7b2ec1be0b9d33ed50f26c0c8cc82fa0f85db590

  • SHA512

    30f8f0806bf4180bae7fc474ac2ad00ceb8cb6f07308c2f7910f2011a6bfbb7ed664001118b3a0fbd74709aea1f25fa4f3e85e4a330469a168b5aed28a43511d

  • SSDEEP

    6144:P9CLgMkhBmkApFWCev74HjUbgA731K6L8wk7+neqr/06abjj9k+mbdsLFnjD:eSBmk7v74gUu19kY3/zaPW+VD

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yjqn

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
