General

  • Target

    920e626bea0e4949daea75e2a332f481_JaffaCakes118

  • Size

    559KB

  • Sample

    240402-vfmssafg6w

  • MD5

    920e626bea0e4949daea75e2a332f481

  • SHA1

    2d82ef86265c1e490744b53de82dc9be163192a7

  • SHA256

    08040f352684d740d9fa767c3315fb1636394dec01f35abe84ad7116cd735fb4

  • SHA512

    035ad5fe790eff621e5f1b1ded413fec6a2b0af1cbf71c5db33a026ca2a74b5ff3a2e1a05319927d603c64fb7d7403081e5961d3bafd69b56facff1ebb3c3f01

  • SSDEEP

    12288:EESo0nmHTrkIv/+p8OD4WnmOQVZMXfK4La/oc13:EESZmHTQIvmp/FnmOGY7LWJ

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hu8c

Decoy

  • aliceso.photography
  • exploitslozdz.xyz
  • chokefirmbeauty.com
  • sapix-usa.com
  • perfectioncheergym.com
  • igfo.xyz
  • xc6686.com
  • aclproreubensnyder.com
  • xn--bin-2k4mp34c09iwiz.com
  • daumien.com
  • atlanticuniombank.com
  • ookawa.club
  • cherrywoodranchvacationhome.com
  • s6gfec.com
  • ryo-toolset.store
  • talltailfishing.com
  • creativelyaustin.com
  • xn--nqv986be9r.com
  • grpgg2021.space
  • michaelsarcona.com

Targets

    • Target

      920e626bea0e4949daea75e2a332f481_JaffaCakes118 (hashes, size and score as listed under General above)

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks