General

  • Target

    af581caf268f7ad9def31b477f8349a3_JaffaCakes118

  • Size

    645KB

  • Sample

    240404-etndgaed5v

  • MD5

    af581caf268f7ad9def31b477f8349a3

  • SHA1

    02e41c7fdb8d32c8f764a16913bd7afa44a7d0c9

  • SHA256

    bec65782844355875f88723419b44dc543ba07b83c8a339036f79e39364493c6

  • SHA512

    7c77a374c6b5cbd812a754aa28d7e09c03881bd1742e412701c7ab235b01cf65395ba0c87d23a85f0bf7877e82db6ed4a5971b62b5487bf03f4ebaa01c09d70a

  • SSDEEP

    6144:7Re+8T84g/mBpd8qV2A8RwR1zAd2pxKF5eEnTSab5UAVZV7TrUynqCCdr0yNukaP:72TOmxDgA+KY2/en7UOV1qCfF

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gnui

Decoy

himalayanwanderwoods.com

finvi.guru

iphone13promax.show

rpfcomunicacao.com

inemilia.com

blboutiqueexchange.com

sukiller.com

tzwa.net

noemiklein.com

upscalepklptp.xyz

unboxk.com

greatamericanlandworks.com

bataperu.com

estebanacostapeugeot.com

gombc-a02.com

642541.com

13f465.com

jskswj.com

hibar.xyz

eltool.net
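
The decoy list is the most directly actionable part of this report. The block below is an added example for this page, not Triage's code: it loads the 20 domains from the config above, hunts a constructed DNS log for lookups of them (apex or subdomain, without the "notfinvi.guru" superstring trap) and emits Suricata `dns.query` rules for them. The log lines are made up for the demonstration. Caveat: Formbook-lineage samples contact the real C2 alongside decoy domains, many of which are legitimate sites, so a hit is a hunting lead to correlate with the process that made the lookup, not proof of C2 on its own.

```python
"""Hunt DNS logs for the domains in the Xloader config above.

Added example for this report; it is not Triage's code. The DNS log lines
are constructed for the demonstration (tab-separated: timestamp, client,
queried name). The domain list is copied from the "Decoy" section of the
config, campaign "gnui", version 2.5.
"""
from __future__ import annotations

# All 20 domains from the extracted config. The real C2 sits among decoys,
# and decoys are often legitimate sites, so treat a hit as a lead, not a verdict.
XLOADER_GNUI_DOMAINS = frozenset({
    "himalayanwanderwoods.com", "finvi.guru", "iphone13promax.show",
    "rpfcomunicacao.com", "inemilia.com", "blboutiqueexchange.com",
    "sukiller.com", "tzwa.net", "noemiklein.com", "upscalepklptp.xyz",
    "unboxk.com", "greatamericanlandworks.com", "bataperu.com",
    "estebanacostapeugeot.com", "gombc-a02.com", "642541.com", "13f465.com",
    "jskswj.com", "hibar.xyz", "eltool.net",
})

# Constructed log lines (not from the report): ts, client, query.
SAMPLE_DNS_LOG = """\
# ts\tclient\tquery
2024-04-04T12:00:01Z\t10.0.0.5\twww.finvi.guru
2024-04-04T12:00:02Z\t10.0.0.5\tupdate.microsoft.com
2024-04-04T12:00:03Z\t10.0.0.9\tnotfinvi.guru
2024-04-04T12:00:04Z\t10.0.0.5\tHIBAR.XYZ.
2024-04-04T12:00:05Z\t10.0.0.7\tcdn.eltool.net
"""


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot of an FQDN."""
    return qname.strip().rstrip(".").lower()


def matches_config(qname: str, domains=XLOADER_GNUI_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None.

    Matching is label-wise, so 'notfinvi.guru' does not match 'finvi.guru'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_dns_log(text: str, domains=XLOADER_GNUI_DOMAINS):
    """Return (ts, client, query, matched_domain) for every lookup of a config domain."""
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # malformed line; skip rather than crash the hunt
        ts, client, qname = parts
        matched = matches_config(qname, domains)
        if matched:
            hits.append((ts, client, normalize(qname), matched))
    return hits


def suricata_dns_rules(domains=XLOADER_GNUI_DOMAINS, sid_base=9000001):
    """One dns.query rule per domain.

    dotprefix + endswith (Suricata 6+) matches the apex and any subdomain
    while rejecting superstrings such as 'notfinvi.guru'. SIDs are in the
    local (9,000,000+) range; adjust to your ruleset's convention.
    """
    rules = []
    for n, d in enumerate(sorted(domains)):
        rules.append(
            'alert dns $HOME_NET any -> any any (msg:"Xloader gnui config domain {d}"; '
            'dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            'classtype:trojan-activity; sid:{sid}; rev:1;)'.format(d=d, sid=sid_base + n)
        )
    return rules


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("HIT", *hit)
    print(*suricata_dns_rules()[:2], sep="\n")
```

Running the block on the constructed log flags `www.finvi.guru`, `HIBAR.XYZ.` and `cdn.eltool.net` and ignores `notfinvi.guru`; feed the generated rules to Suricata only after deciding whether alerting on the decoy domains is acceptable in your environment.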

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

      An Xloader payload was identified and the configuration shown above was extracted from it.

    • Suspicious use of SetThreadContext

      A process rewrote the context of a thread in another process. Malware does this to point the thread of a suspended process at injected code (process hollowing); debuggers also call it, so the signature is rated suspicious rather than malicious on its own.
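
To show what the SetThreadContext signature is keyed on, the block below is an added example, not the sandbox's own signature logic. It walks a constructed API-call trace (caller pid, API name, target pid, details) and reports a caller that creates a process suspended, writes into it, redirects a thread's context with SetThreadContext and resumes it: the process-hollowing chain. A cross-process SetThreadContext outside that chain is reported at lower severity, since debuggers use it legitimately. The pids, image path and event order are made up for the demonstration.

```python
"""Detection logic behind a "Suspicious use of SetThreadContext" verdict.

Added example for this report, not the sandbox's own signature code. The
trace below is constructed: pid 1001 hollows its suspended child 2002,
while pid 3003 only touches its own thread context (benign).
"""
from __future__ import annotations
from collections import namedtuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

Event = namedtuple("Event", "caller api target detail")

CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}

# Constructed trace (not from the report). Image path is a placeholder.
SAMPLE_TRACE = [
    Event(1001, "CreateProcessW", 2002,
          {"flags": CREATE_SUSPENDED, "image": r"C:\Windows\System32\placeholder.exe"}),
    Event(1001, "NtUnmapViewOfSection", 2002, {}),
    Event(1001, "VirtualAllocEx", 2002, {"protect": "PAGE_EXECUTE_READWRITE"}),
    Event(1001, "WriteProcessMemory", 2002, {"size": 0x9000}),
    Event(1001, "SetThreadContext", 2002, {}),
    Event(1001, "ResumeThread", 2002, {}),
    Event(3003, "GetThreadContext", 3003, {}),
    Event(3003, "SetThreadContext", 3003, {}),
]


def find_thread_context_abuse(trace):
    """Return findings as dicts {severity, caller, target, chain}.

    A full chain (create suspended -> cross-process write -> SetThreadContext
    -> ResumeThread, in that order, between the same caller and target) is
    'high'. A cross-process SetThreadContext that is not part of such a chain
    is 'medium'. Same-process context changes are ignored.
    """
    chains = {}  # (caller, target) -> stages observed so far, in order
    findings = []
    for ev in trace:
        key = (ev.caller, ev.target)
        if ev.api in CREATE_APIS:
            if ev.detail.get("flags", 0) & CREATE_SUSPENDED:
                chains[key] = ["create_suspended"]
            continue
        stages = chains.get(key)
        if ev.api in WRITE_APIS:
            if stages is not None and "write" not in stages:
                stages.append("write")
        elif ev.api == "SetThreadContext":
            if stages is not None and "write" in stages and "set_context" not in stages:
                stages.append("set_context")
            elif ev.caller != ev.target:
                findings.append({"severity": "medium", "caller": ev.caller,
                                 "target": ev.target, "chain": ["set_context"]})
        elif ev.api == "ResumeThread":
            if stages is not None and "set_context" in stages:
                stages.append("resume")
                findings.append({"severity": "high", "caller": ev.caller,
                                 "target": ev.target, "chain": list(stages)})
                del chains[key]
    return findings


if __name__ == "__main__":
    for f in find_thread_context_abuse(SAMPLE_TRACE):
        print(f["severity"], f["caller"], "->", f["target"], " > ".join(f["chain"]))
```

On the constructed trace this yields one high-severity finding for 1001 -> 2002 and nothing for 3003, which only changed its own context. The ordering requirement (write before SetThreadContext, resume last) is a modelling choice for the classic hollowing sequence; loosen it if you also want to catch variants that set the context before mapping the payload.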
