General

  • Target

    b7db705d5402da2662b9f339a8a06085_JaffaCakes118

  • Size

    355KB

  • Sample

    240404-n8ymesfc86

  • MD5

    b7db705d5402da2662b9f339a8a06085

  • SHA1

    76206bee0a5a3ff525473030cc54e9c654d8ce19

  • SHA256

    367e0400b78d94aed02d364e9a8e41dfb7e0136f12e68dd1b532d529354e00f7

  • SHA512

    cff87c581407464e483e79e4d6472adb87bd6b13e04d906604cbdabe734d40962e9d5cfec174c0e45c7d6063d823d16dcb3ef00293bcc76a47f6d9d9d2552c16

  • SSDEEP

    6144:0lmM9qphPo26auYNe7khUkePpA0QQvb9J7A6gJuNP7k6suXK2FzvaGY:0wvphPnYYNLzeRJ7AzMk61z0

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yjqn

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
