General

  • Target: c357a8010e661a49df2e813bd22590b6_JaffaCakes118
  • Size: 329KB
  • Sample: 240404-2cyt7scd96
  • MD5: c357a8010e661a49df2e813bd22590b6
  • SHA1: 08ecd005e1449ec97d0405e83649686ae35f6286
  • SHA256: eef137583da6deb4a1be9882cede6cec5112b74ae79c0773f45b13346c5b2890
  • SHA512: 71957a0cd597213808b15b1abe9ce3df07889627b4a1b849362df07de6da3984803c6b2e6487338375a558dc9c1f0db32aee42fde89cee305078c22d6b92890e
  • SSDEEP: 6144:YaX+sbCdgMkhBJDxtvArlcq90N9prggZmNqoPjLfsPbU9wgJlhjb3BB5NAwg6oBm:Y/pd7SBBArlMN9FsrPXETWwa53BB5NAk

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: ag9v
  • Decoy domains:


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks