General

  • Target

    9c990c091e85d7c7530e8b3c3e1631f9_JaffaCakes118

  • Size

    480KB

  • Sample

    240403-b2xqbscb2y

  • MD5

    9c990c091e85d7c7530e8b3c3e1631f9

  • SHA1

    9db0555370cc85e5bd4194e267d84768910d8ac5

  • SHA256

    784425a3324d90d5d4028f545c946ac1b39eacd8875f6f182417e9e8621a5e0a

  • SHA512

    f077753d9e7dc4a6d12f93131a0849f0855ff0b1a1c2534ce401b4e3ce8e1a8df66f3bbc0c1829199b614193e36ba5e8b8ed4f17bba2f2177278c353eb1d61ca

  • SSDEEP

    12288:2XZ8E2OZXGBaepXdDcUu5GPxR4jqH8OQlTD:2ZDVEaepXdTBPHQ

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bkqi

Decoy (domains the sample contacts alongside its real C2 so the live server is hidden among them; any of these in DNS or proxy logs is an Xloader indicator, but a hit does not by itself identify the C2)

woodbridgelearninglab.com

kalexandynle.xyz

hallibrewerproductions.com

cuevasconencanto.com

starfishexuma.com

douwuba.com

dexandrue.com

aprendes.academy

enderisler.com

alstartnpasumo6.xyz

3dysp.com

myhousesfit.com

thousandoaks-jaglr.com

ikeg-ger.xyz

yuzhou-shen.com

enohydra.com

lesentreprisesgerco.com

fivem-exotic.xyz

soarlend.com

deuxcentsept.com
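The report gives the sample's hashes and the domain list from the extracted config, but not how to act on them. The following triage helper is an added example (not part of the sandbox report or the Xloader family) that checks a file against the listed hashes and scans DNS log lines for the config's domains, matching exact hosts and subdomains but rejecting look-alike superstrings such as notdouwuba.com. The log line format (`query=<name>`) and the log lines themselves are constructed for this example.

```python
"""Triage helper for the Xloader 2.5 config above (added example, not part of the report)."""
import hashlib
import re
from typing import Iterable, List, Optional, Tuple

# Hashes copied from the report's General section.
KNOWN_SAMPLE = {
    "md5": "9c990c091e85d7c7530e8b3c3e1631f9",
    "sha1": "9db0555370cc85e5bd4194e267d84768910d8ac5",
    "sha256": "784425a3324d90d5d4028f545c946ac1b39eacd8875f6f182417e9e8621a5e0a",
    "sha512": "f077753d9e7dc4a6d12f93131a0849f0855ff0b1a1c2534ce401b4e3ce8e1a8d"
              "f66f3bbc0c1829199b614193e36ba5e8b8ed4f17bba2f2177278c353eb1d61ca",
}

# Domains from the extracted config's "Decoy" list. Xloader contacts decoys alongside
# the real C2, so a hit means Xloader-shaped traffic, not necessarily the live C2.
CONFIG_DOMAINS = {
    "woodbridgelearninglab.com", "kalexandynle.xyz", "hallibrewerproductions.com",
    "cuevasconencanto.com", "starfishexuma.com", "douwuba.com", "dexandrue.com",
    "aprendes.academy", "enderisler.com", "alstartnpasumo6.xyz", "3dysp.com",
    "myhousesfit.com", "thousandoaks-jaglr.com", "ikeg-ger.xyz", "yuzhou-shen.com",
    "enohydra.com", "lesentreprisesgerco.com", "fivem-exotic.xyz", "soarlend.com",
    "deuxcentsept.com",
}


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_SAMPLE}


def is_known_sample(data: bytes) -> bool:
    """True only if every listed digest matches, i.e. this is byte-for-byte the sample."""
    return file_hashes(data) == KNOWN_SAMPLE


def host_matches(host: str, domains=CONFIG_DOMAINS) -> Optional[str]:
    """Return the config domain that `host` is or sits under, else None.

    Walks up the label tree (a.b.example.com -> b.example.com -> example.com) so that
    subdomains match but a superstring like notdouwuba.com does not.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


# Constructed log format for this example: "<timestamp> <client> query=<qname> type=<rr>".
LOG_RE = re.compile(r"query=(?P<qname>\S+)")


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (queried name, matching config domain) for every line that hits."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # lines without a query field are skipped, not treated as errors
        matched = host_matches(m.group("qname"))
        if matched:
            hits.append((m.group("qname"), matched))
    return hits


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-04-03T12:00:01Z 10.0.0.5 query=www.douwuba.com type=A",
    "2024-04-03T12:00:02Z 10.0.0.5 query=notdouwuba.com type=A",
    "2024-04-03T12:00:03Z 10.0.0.7 query=update.microsoft.com type=A",
    "2024-04-03T12:00:04Z 10.0.0.5 query=api.soarlend.com type=A",
    "malformed line without a query field",
]

if __name__ == "__main__":
    for qname, domain in scan_dns_log(SAMPLE_LOG):
        print(f"hit: {qname} -> config domain {domain}")
    print("constructed bytes match sample:", is_known_sample(b"not the sample"))
```

Because the config mixes the real C2 into a list of decoys, treat a single domain hit as a reason to pull the full DNS and HTTP history of that host rather than as proof of which server is the C2; the hash check is the only part of this script that identifies the sample itself.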

Targets

    • Target

      9c990c091e85d7c7530e8b3c3e1631f9_JaffaCakes118

    • Size

      480KB

    • MD5

      9c990c091e85d7c7530e8b3c3e1631f9

    • SHA1

      9db0555370cc85e5bd4194e267d84768910d8ac5

    • SHA256

      784425a3324d90d5d4028f545c946ac1b39eacd8875f6f182417e9e8621a5e0a

    • SHA512

      f077753d9e7dc4a6d12f93131a0849f0855ff0b1a1c2534ce401b4e3ce8e1a8df66f3bbc0c1829199b614193e36ba5e8b8ed4f17bba2f2177278c353eb1d61ca

    • SSDEEP

      12288:2XZ8E2OZXGBaepXdDcUu5GPxR4jqH8OQlTD:2ZDVEaepXdTBPHQ

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer and loader, sold as malware-as-a-service; it steals credentials and form data from browsers and mail clients and can run additional payloads fetched from its C2.

    • Xloader payload

    • Suspicious use of SetThreadContext (rewriting another thread's context is typical of process hollowing and other injection techniques used to run the payload inside a legitimate process)
