General

  • Target

    a86077cd62754805e944847a8b1aa517_JaffaCakes118

  • Size

    661KB

  • Sample

    240403-2ecdzsfb96

  • MD5

    a86077cd62754805e944847a8b1aa517

  • SHA1

    dbbc4011685d364691ad33c3f0dd9e00f3a45792

  • SHA256

    64b041387c3c512a5b43c2a1d811b35f18f4d537c522dafb7b3e736912907426

  • SHA512

    accca83b3f7d31f41a67b90e9e3003a2d4bf985e9a5317aa7d22161f8aee19af62313ad4efd7b8f484af469c81eca66fbc7e934a836defbbb908df41e4c6ea07

  • SSDEEP

    12288:5j9+hvnUi0k7EU29NE9CO95RCTssx6yeh5PLSkZ:HGvUiL7DBb4TsLyeh5PL

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

i6rd

Decoy

ritotvmount.xyz

szxhpfk.com

yatakturkiye.com

belugacdn.xyz

doralopen.com

gongzyrxzlhurhhhvdclmddi.store

lyvconsulting.com

it-pampering.com

weerwi.com

phdelivery1.store

neofluentsurf.com

lainsurance.xyz

ietaricardocastellarbarrios.com

despachantemedeiros.digital

madnext.online

serenity.holdings

rfvb.club

nickroche.online

hnjst.net

wolkeverts.quest

Targets

    • Target

      a86077cd62754805e944847a8b1aa517_JaffaCakes118

    • Size

      661KB

    • MD5

      a86077cd62754805e944847a8b1aa517

    • SHA1

      dbbc4011685d364691ad33c3f0dd9e00f3a45792

    • SHA256

      64b041387c3c512a5b43c2a1d811b35f18f4d537c522dafb7b3e736912907426

    • SHA512

      accca83b3f7d31f41a67b90e9e3003a2d4bf985e9a5317aa7d22161f8aee19af62313ad4efd7b8f484af469c81eca66fbc7e934a836defbbb908df41e4c6ea07

    • SSDEEP

      12288:5j9+hvnUi0k7EU29NE9CO95RCTssx6yeh5PLSkZ:HGvUiL7DBb4TsLyeh5PL

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks