General

  • Target

    9aad1149c17535bf37fe98c564958ef6_JaffaCakes118

  • Size

    344KB

  • Sample

    240403-abbvhahf89

  • MD5

    9aad1149c17535bf37fe98c564958ef6

  • SHA1

    47e9710ccdef23f1b45dcc2d459148461359462a

  • SHA256

    def69bd673ae57b70c20087596b787eb27c1f0da7053ba2991e87cf7f032c43c

  • SHA512

    44a8dc3abd400c2a5ce04717a14fd349a1b6a55ad4da9d1c218d31cb15acbcde714a05084b8416e6e3b2eeb09f1614185b18bfd08d308b1cdbc27ed8507d0d55

  • SSDEEP

    6144:VbqYJkNHwD3sLJCLI9d6yPzQWptHSYbTvZC0NRO87UzJXo3Nj1:VHSNUAC4dtHrAH8Y14v

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

    • Target

      9aad1149c17535bf37fe98c564958ef6_JaffaCakes118

    • Size

      344KB

    • MD5

      9aad1149c17535bf37fe98c564958ef6

    • SHA1

      47e9710ccdef23f1b45dcc2d459148461359462a

    • SHA256

      def69bd673ae57b70c20087596b787eb27c1f0da7053ba2991e87cf7f032c43c

    • SHA512

      44a8dc3abd400c2a5ce04717a14fd349a1b6a55ad4da9d1c218d31cb15acbcde714a05084b8416e6e3b2eeb09f1614185b18bfd08d308b1cdbc27ed8507d0d55

    • SSDEEP

      6144:VbqYJkNHwD3sLJCLI9d6yPzQWptHSYbTvZC0NRO87UzJXo3Nj1:VHSNUAC4dtHrAH8Y14v

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks