General

  • Target: baabc6cadf9acf37892806e0f354a0e5_JaffaCakes118
  • Size: 711KB
  • Sample: 240404-rrh27aag77
  • MD5: baabc6cadf9acf37892806e0f354a0e5
  • SHA1: 02bca9e6fe235d0779839e9b8ee49ff49852ff15
  • SHA256: e0b8292b168c2523dd7dd9116cd72abd0ad084e5c92b0c490a9555f1fbb43f80
  • SHA512: 37eca1b79ae92ba42705235050818e91ff41fa43595a08f2aab9d1b7824e9248ca8feeb07cc429cbf3915c15a7e6f16073548939e74b4077802c667daa3ca515
  • SSDEEP: 12288:SxKGLDyFq5idmWiuT9p1NwJbgTyOie5C2osMiq4oNJpdNRFsb8NM+cT2aVhOje5w:TF4Gdyle53olNJpdfutzT7VhOk4j

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: cu6s

Decoy

Targets

    • Target: Payment Advice.exe
    • Size: 820KB
    • MD5: 402a3b08da43a562db112e7f93a7f3c4
    • SHA1: ae0ba481fad4952472203c1de153052d82690fe8
    • SHA256: 2f33401fcaa784788815a7a9beac346e875de407bac6d412030f87cd07fa042f
    • SHA512: bd69f067bacfb6ecb03e15903a3530065f095ac1081444c4a8582de84642a7367a21ab9ce15bd356e03928ff296a6fff11eb8be429d18d77dfd245623ee0e1d5
    • SSDEEP: 24576:LCzwgNzmbQAwpUGfogN642M49xcrJKAuE:aZNzmbvwp/ogN64Z49iNKl

    Score: 10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks