General

  • Target: 9f4303d51b3ceffb74c5cc9c887fc05e_JaffaCakes118
  • Size: 414KB
  • Sample: 240403-eb3qfafb3z
  • MD5: 9f4303d51b3ceffb74c5cc9c887fc05e
  • SHA1: 0b7eae91bc9d64bb4bbbd55afdf8158632ae340f
  • SHA256: 50604f47e8d7822aa29325e41546138db99c7002d776c510ac3bd620e75c801f
  • SHA512: 63403f8cad57032b255a67d2a9a22a8e1edae883faf7facad2a3468e87d03be9f70f5153abe22f1e69c9802e8091db456b3809499c123d34ff583ba4a519f3b2
  • SSDEEP: 6144:xWCYijqzSMeTFjdWJLg/eBvd8qV2Q8RwT1zAd21xYF5emnTGob5UArZV73rUmnqK:sCYRbeTFVeLDgQ+oY2D6nHUOV3qwDZ

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: gnui

Decoy

Targets

    • Target: (RG25LGSJ).exe
    • Size: 645KB
    • MD5: af581caf268f7ad9def31b477f8349a3
    • SHA1: 02e41c7fdb8d32c8f764a16913bd7afa44a7d0c9
    • SHA256: bec65782844355875f88723419b44dc543ba07b83c8a339036f79e39364493c6
    • SHA512: 7c77a374c6b5cbd812a754aa28d7e09c03881bd1742e412701c7ab235b01cf65395ba0c87d23a85f0bf7877e82db6ed4a5971b62b5487bf03f4ebaa01c09d70a
    • SSDEEP: 6144:7Re+8T84g/mBpd8qV2A8RwR1zAd2pxKF5eEnTSab5UAVZV7TrUynqCCdr0yNukaP:72TOmxDgA+KY2/en7UOV1qCfF

    Score: 10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks