General

  • Target

    b168bef200eee22c281c1a830cd4bf80_JaffaCakes118

  • Size

    463KB

  • Sample

    240404-ghvdragf97

  • MD5

    b168bef200eee22c281c1a830cd4bf80

  • SHA1

    b086e5ae3f1a2e8f1b9cd614794f5f3cd8c52887

  • SHA256

    d405dd06ed1a965eb9029d7982286ac11bdf029a587dd64e3b49c72fc0f0a696

  • SHA512

    55dba8012bddf5bd5467176e2eed1d4b9e75c6ee10dc16464aa43ee0a079be6e8fc1f9ab5007f650433ccd55a8d5b1c128ccb44d0dd5f7c864f44f6c222821ba

  • SSDEEP

    12288:GunzUi2iNVqu9r3y2xY9pDJ7mNUMrr24xxfXqtDr:GunzUi1zT9rCEY9VBmNB/nCD

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r3n5

Decoy

peterjhill.com

bleednavy.com

a6d83.top

koudoula.store

albawardl.com

j-sdigitalekuns.net

0wzr2dglc.com

xd16880.com

safepostcourier.com

seuic.net

hainansousou.com

meuexamor.com

strategicthinking.coach

tabliqatbama.com

kidzplan.com

non-toxicnailpolish.com

bwgds.com

behindhereyesphotography.com

age-oldpklduy.xyz

lesconfidentialistes.paris

Targets

    • Target

      b168bef200eee22c281c1a830cd4bf80_JaffaCakes118

    • Size

      463KB

    • MD5

      b168bef200eee22c281c1a830cd4bf80

    • SHA1

      b086e5ae3f1a2e8f1b9cd614794f5f3cd8c52887

    • SHA256

      d405dd06ed1a965eb9029d7982286ac11bdf029a587dd64e3b49c72fc0f0a696

    • SHA512

      55dba8012bddf5bd5467176e2eed1d4b9e75c6ee10dc16464aa43ee0a079be6e8fc1f9ab5007f650433ccd55a8d5b1c128ccb44d0dd5f7c864f44f6c222821ba

    • SSDEEP

      12288:GunzUi2iNVqu9r3y2xY9pDJ7mNUMrr24xxfXqtDr:GunzUi1zT9rCEY9VBmNB/nCD

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks