General

  • Target

    7890ee8b506470d111dffe7df8b06093_JaffaCakes118

  • Size

    352KB

  • Sample

    240401-yb2ypade6t

  • MD5

    7890ee8b506470d111dffe7df8b06093

  • SHA1

    83a5147df1ffb90c75a5a8686fec80b8b22cbe9c

  • SHA256

    5270bc9905eafb0b4174ba7ab447db19d7f7dc3adbc5b6a2a747fda70a63849e

  • SHA512

    f342f11a762555939b242a0416e6ec7c0a3e588a14325e152309530ec9354fc08b1b6da5d5027d7df03411b526071d25e8a56862f6f0ca44adaba3645923b07e

  • SSDEEP

    6144:A0zAuMkhBm0/dqaE4jxmG1J3OsKPyGBNzpZeQkX67P0FRUrJU6fnLFzdVl8R:y9SBnq9C1bOsdGTKQb7PcRYXfLToR

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    snec

  • Decoy

    sacramentoscoop.com
    auroraeqp.com
    ontactfactory.com
    abenakigroup.com
    xander-tech.com
    cocaineislegal.com
    carbondouze.com
    louisvilleestatelawyer.com
    sundaytejero.quest
    arti-faqs.com
    thisandthat.store
    biodyne-el-salvador.com
    18504seheritageoakslane.com
    mfialias.xyz
    whitestoneclo.com
    6288117.com
    oficiosuy.com
    autogift.xyz
    wallbabyshell.com
    chaletlabaie.com

Targets

    • Target

      7890ee8b506470d111dffe7df8b06093_JaffaCakes118

    • Size

      352KB

    • MD5

      7890ee8b506470d111dffe7df8b06093

    • SHA1

      83a5147df1ffb90c75a5a8686fec80b8b22cbe9c

    • SHA256

      5270bc9905eafb0b4174ba7ab447db19d7f7dc3adbc5b6a2a747fda70a63849e

    • SHA512

      f342f11a762555939b242a0416e6ec7c0a3e588a14325e152309530ec9354fc08b1b6da5d5027d7df03411b526071d25e8a56862f6f0ca44adaba3645923b07e

    • SSDEEP

      6144:A0zAuMkhBm0/dqaE4jxmG1J3OsKPyGBNzpZeQkX67P0FRUrJU6fnLFzdVl8R:y9SBnq9C1bOsdGTKQb7PcRYXfLToR

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks