General

  • Target: 81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118
  • Size: 591KB
  • Sample: 240402-dlpqwseg9t
  • MD5: 81ecab9fa2aa18c3d5dc61e9b2bebb7b
  • SHA1: 293ab6dd02f04a4b25d3f92a27385b49a042ab05
  • SHA256: ad1a7132112ed0a17f526989f2f50b61a43c71180de093582866b4541c24adc7
  • SHA512: 8dc5e2a84de8c3fc4d8821c77143059e6513788d1eab51055df0a7a567aac995f3a6b01f1199380df1149b8aca04affd3680adb9696b6144ccb2ea4a5cd4b560
  • SSDEEP: 12288:1aMPkBSBaeVAf4HgytutmnXZvmYEzLlXhf2LuK:gMPjBaMAAgytPMYEpX5uuK

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: wogm
  • Decoy:
    sub-dude.net
    repeatcustom.com
    goodspaz.com
    sinagropuree.com
    jyh8886.com
    muescabynes.quest
    stark.agency
    nolimit168.com
    hypermediastore.com
    arab-xt-pro.com
    gruppovimar.com
    santamariamoto.express
    affaridistribuciones.com
    straetah.com
    collectionsbyvivi.com
    nalainteriores.com
    weeklywars.com
    insightmyhome.com
    ucml.net
    herderguru.com

Targets

    • Target: 81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118
    • Size: 591KB
    • MD5: 81ecab9fa2aa18c3d5dc61e9b2bebb7b
    • SHA1: 293ab6dd02f04a4b25d3f92a27385b49a042ab05
    • SHA256: ad1a7132112ed0a17f526989f2f50b61a43c71180de093582866b4541c24adc7
    • SHA512: 8dc5e2a84de8c3fc4d8821c77143059e6513788d1eab51055df0a7a567aac995f3a6b01f1199380df1149b8aca04affd3680adb9696b6144ccb2ea4a5cd4b560
    • SSDEEP: 12288:1aMPkBSBaeVAf4HgytutmnXZvmYEzLlXhf2LuK:gMPjBaMAAgytPMYEpX5uuK

    Score: 10/10

    Signatures
    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks