General

  • Target

    b3580fc99e1418bfff88a27476bff8d5_JaffaCakes118

  • Size

    401KB

  • Sample

    240404-j7bn2sab6w

  • MD5

    b3580fc99e1418bfff88a27476bff8d5

  • SHA1

    18545c7e2f533945c6c5113686a1e8f049500020

  • SHA256

    8c813fa41f5f1341dac70ff4c3473d6447c0bd0eb6c87cf77ab62a864dcd2674

  • SHA512

    cb21df7c4c70272f5693b5d389ba2a0d2a2bd988a113211b31f980113f0c95fdea886cc6ec7ee29e64c175cc86d311b4670475762603a38b9a53cdc2f1080c1c

  • SSDEEP

    6144:p3M+/sYvqQ0WFmrkFib5uMuNXqvmwGc7kcFVpNB+aUkpETmQB+OGWRt9TS/Ks3JU:p3ZRCfXrgi1qVSGc7fNB1pKB+cOKs5U

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

huve

Decoy

pamschams.com

uwdvcn.com

dualipaportland.com

figewus.xyz

bashed.xyz

datasdy4d.com

seinvestments-sg.com

karenradunz.com

cartridgeops.com

maxim-llc.com

baldiksa.com

keiko-t.com

fuldencavusoglu.com

j98068.com

rvinar.com

businessmattersie.com

datajobmarket.com

freayabnnd.com

indiecowboy.com

clvwj.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks