General

  • Target

    8279edc14cc42685f7fceefe384ddf0d_JaffaCakes118

  • Size

    389KB

  • Sample

    240402-d3yp5afh76

  • MD5

    8279edc14cc42685f7fceefe384ddf0d

  • SHA1

    d6b01e94dd1528eb364e16db7bc6a5e06a66bde6

  • SHA256

    5a573da6707c9373b0f49b049b07ddc21bc6976195b834473d0be2daaf52c173

  • SHA512

    6a1963004eb2cbfc49c48b638d70a9f7a9fa9ad24629bb78f2cdd31ad84d3a3908d707d51d88f5cb2f8acc7c9cab0725d84ca8957b3d32ea194205e3390d6f95

  • SSDEEP

    6144:kKq6ZZmDQ+3HwOEjhH+KU8b1Qy6mK8WRAYfnsdtGfBYmP6tKX:skoq1BTbKy6x8/vdMfBRX

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

shjn

Decoy

Targets

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks