General

  • Target

    94cb17b4c72ade9c1c690c1036ab01d3_JaffaCakes118

  • Size

    656KB

  • Sample

    240402-xw8fjaag9t

  • MD5

    94cb17b4c72ade9c1c690c1036ab01d3

  • SHA1

    df8fdfe796ea6c18287c33cd224ebe5709562588

  • SHA256

    c1426732f06b03f0d2f0b2afd275bcd17ceb24d16174db630e10fab4fee09f04

  • SHA512

    7e585106bad4d45e027a7ae761ac36ade47ef0d754ecea311ef83b91abc4d2a9fce862ebf30a93e640ac7a360f4b5c3b87e1e30bc49fee0818737e490126c021

  • SSDEEP

    12288:RohvvUi0dZqQaRoMdtZdlG78GQe36Ns+qZ6W:RUnUiaZqzRoMRdlGvF3wsJ

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yjqn

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
