General

  • Target

    8f52218134c52332d3c0ea37fe9acf9f_JaffaCakes118

  • Size

    348KB

  • Sample

    240402-rzx63sdc99

  • MD5

    8f52218134c52332d3c0ea37fe9acf9f

  • SHA1

    dc3e39683ed243bb0582b5ebf121e9ba31f748d3

  • SHA256

    d14f4d60b60350f1f2691c393c143c3d0b98d6ee0379e4bcb44d3668471ae35a

  • SHA512

    d8c8ae3a10da823f8e72e9c21089b93e2413dbe525fcbab975a6b3a1156cfaf469cad42ed3e7a01e1d68753c3d74e3f257c13c3f97862b73d69ee85d6ad45484

  • SSDEEP

    6144:1dhYWH6vxoasAoOsUaG0K88C9zvDa60mtzUE+2tvi2F0UIU9uGOjb:1ENvyo4jh9zba60mtJv1pUT

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

snec

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
