General

  • Target

    c0acc3b21bf2b1447b6990f85a0612a6_JaffaCakes118

  • Size

    399KB

  • Sample

    240404-x4dacsfh8w

  • MD5

    c0acc3b21bf2b1447b6990f85a0612a6

  • SHA1

    dffac7b811cb9441e1c20ac15233514c4fade396

  • SHA256

    16165e33ccd1feacc75d3bbb5e85bc304c566eaa45719aeca7e3d737f84fc641

  • SHA512

    2f1888ef3be9ac8fbc298d5496e15efe299dc129e43f7f4d02bf2988ad920c703d801eb0ad21b546918bd1df0d50aebcbcdb80d360d40a53e855b5244acd4e22

  • SSDEEP

    6144:ONtGpBRIZbEIZscMEC0iy+ma7dQvk4JrV2wqCDpVOxIbEBRwWY:OrSRliLG0s7qvk4JrNquVOxIoe

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bec2

Decoy (config domain list: Xloader mixes beacons to decoy domains with traffic to its real C2, so treat every entry as an indicator rather than a confirmed C2)

ipelard.com

26gjm.xyz

frontiermotorspaintandbody.net

sunslide.club

blue-chipwordtoscan-today.info

stephanieandjoseph.com

city-show.com

chosen-novels.com

unfinitsoluciones.com

eventsidevibe.com

kingsferryshipping.com

cfostco.com

terrafirmanft.com

ultra-dvd-player.com

networkaccesskey.com

masoncable.net

blazed.tel

herbalmedication.xyz

whistlecapital.com

brasbux.com
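To turn the extracted domain list into a hunt, here is an added Python example (not part of the sandbox report) that flags hosts resolving several of these domains within a short window: Xloader contacts a batch of its config domains per beacon cycle, whereas a single lookup could be a benign visit to one of the decoys. The DNS records are constructed, Zeek-style `ts src qname` lines, and the 5-minute window and 3-domain threshold are tuning assumptions.

```python
"""Hunt DNS logs for hosts beaconing to the Xloader config domains.

Added example, not part of the sandbox report. SAMPLE_DNS_LOG is constructed
test data, not captured traffic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Domain list as extracted in the report above (decoys plus the live C2).
XLOADER_DOMAINS = frozenset({
    "ipelard.com", "26gjm.xyz", "frontiermotorspaintandbody.net", "sunslide.club",
    "blue-chipwordtoscan-today.info", "stephanieandjoseph.com", "city-show.com",
    "chosen-novels.com", "unfinitsoluciones.com", "eventsidevibe.com",
    "kingsferryshipping.com", "cfostco.com", "terrafirmanft.com",
    "ultra-dvd-player.com", "networkaccesskey.com", "masoncable.net", "blazed.tel",
    "herbalmedication.xyz", "whistlecapital.com", "brasbux.com",
})

# Constructed records: ISO timestamp, source IP, queried name.
# 10.0.0.9 shows the burst pattern; 10.0.0.5 has one hit; 10.0.0.7 has three
# hits spread over an hour (outside any single window).
SAMPLE_DNS_LOG = """\
2024-04-04T10:00:01Z 10.0.0.5 www.example.com
2024-04-04T10:00:03Z 10.0.0.5 blazed.tel
2024-04-04T10:00:05Z 10.0.0.9 ipelard.com
2024-04-04T10:00:08Z 10.0.0.9 www.26gjm.xyz.
2024-04-04T10:00:11Z 10.0.0.9 sunslide.club
2024-04-04T10:00:14Z 10.0.0.9 cfostco.com
2024-04-04T10:00:20Z 10.0.0.7 kingsferryshipping.com
2024-04-04T10:30:20Z 10.0.0.7 terrafirmanft.com
2024-04-04T11:00:20Z 10.0.0.7 city-show.com
"""


def matches_config(qname):
    """Return the config domain a query name belongs to, or None.

    Handles a trailing dot and subdomains (www.decoy.tld), but does not
    match look-alikes such as notipelard.com.
    """
    qname = qname.rstrip(".").lower()
    for domain in XLOADER_DOMAINS:
        if qname == domain or qname.endswith("." + domain):
            return domain
    return None


def parse_dns_log(text):
    """Parse 'ts src qname' lines into (datetime, src, qname) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, qname = line.split()
        records.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), src, qname))
    return records


def hunt(records, window=timedelta(minutes=5), threshold=3):
    """Map each suspicious source IP to the sorted config domains it resolved.

    A host is flagged when it resolves `threshold` or more distinct config
    domains inside any `window`-long span; both values are tuning assumptions.
    """
    per_host = defaultdict(list)
    for ts, src, qname in records:
        hit = matches_config(qname)
        if hit:
            per_host[src].append((ts, hit))

    flagged = {}
    for src, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {d for ts, d in hits[i:] if ts - start <= window}
            if len(seen) >= threshold:
                flagged[src] = sorted(seen)
                break
    return flagged


if __name__ == "__main__":
    for src, domains in hunt(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{src}: {len(domains)} Xloader config domains -> {', '.join(domains)}")
```

Lower the threshold or widen the window if your resolver logs are sampled; a single hit is still worth a look when the queried name is one of the less plausible-looking entries.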

Targets

    • Target

      c0acc3b21bf2b1447b6990f85a0612a6_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer (form grabbing, keylogging, clipboard and screenshot theft), sold as malware-as-a-service since 2020.

    • Xloader payload

      The unpacked Xloader payload was identified. Xloader ships packed and only decrypts its payload at runtime, so this match typically comes from process memory rather than from the file on disk.

    • Suspicious use of SetThreadContext

      The sample calls SetThreadContext, the API that rewrites a thread's register state. Applied to the suspended primary thread of a freshly spawned child process, it is the step that redirects execution into written-in payload code in process hollowing (MITRE ATT&CK T1055.012), the injection technique Formbook/Xloader loaders rely on. Outside debuggers and some hooking frameworks there is little legitimate reason for it, so correlate it with a CREATE_SUSPENDED process launch and WriteProcessMemory into that child.
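As an added example (not the sandbox's own detection logic), the Python below walks a sandbox-style API trace and flags the full hollowing chain, spawn suspended, WriteProcessMemory into the child, SetThreadContext on its primary thread, ResumeThread, rather than the single SetThreadContext call. The trace lines and the `pid api key=value` format are constructed to mirror the Formbook/Xloader loader pattern and include two benign-looking partial chains that must not fire.

```python
"""Flag the process-hollowing API chain behind a SetThreadContext alert.

Added example, not the sandbox's detection. SAMPLE_TRACE is constructed
data in an assumed 'pid api key=value ...' format.
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed trace. pid 1234 hollows a suspended svchost.exe (pid 2000).
# pid 4321 launches a child suspended and just resumes it (setup pattern, no
# injection). pid 7777 sets a thread context it did not create suspended
# (debugger-style); the bare call is noisy, so the chain is what we match.
SAMPLE_TRACE = r"""
1234 CreateProcessW image=C:\Windows\SysWOW64\svchost.exe flags=0x4 new_pid=2000 new_tid=2001
1234 NtUnmapViewOfSection pid=2000
1234 VirtualAllocEx pid=2000 size=0x5e000 protect=0x40
1234 WriteProcessMemory pid=2000 size=0x5e000
1234 GetThreadContext tid=2001
1234 SetThreadContext tid=2001
1234 ResumeThread tid=2001
4321 CreateProcessW image=C:\Windows\System32\notepad.exe flags=0x4 new_pid=3000 new_tid=3001
4321 ResumeThread tid=3001
7777 GetThreadContext tid=8001
7777 SetThreadContext tid=8001
"""


def parse_trace(text):
    """Parse 'pid api key=value ...' lines into (pid, api, args) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *kv = line.split()
        events.append((int(pid), api, dict(item.split("=", 1) for item in kv)))
    return events


def _advance(pending, caller, target, api):
    """Record `api` against a pending chain if the same caller continues it."""
    state = pending.get(target)
    if state is None or state["source_pid"] != caller:
        return False
    state["stages"].append(api)
    return True


def detect_hollowing(events):
    """Return one finding per child that was spawned suspended, written to,
    had its thread context rewritten by the same caller, and was resumed."""
    pending = {}    # target pid -> partial chain state
    tid_owner = {}  # primary thread id -> target pid
    findings = []
    for pid, api, args in events:
        if api.startswith("CreateProcess") and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            target = int(args["new_pid"])
            pending[target] = {
                "source_pid": pid,
                "target_pid": target,
                "target_image": args.get("image", "?"),
                "stages": ["CreateProcess(CREATE_SUSPENDED)"],
            }
            tid_owner[int(args["new_tid"])] = target
        elif api == "WriteProcessMemory":
            _advance(pending, pid, int(args["pid"]), api)
        elif api in ("SetThreadContext", "ResumeThread"):
            target = tid_owner.get(int(args["tid"]))
            if target is None or not _advance(pending, pid, target, api):
                continue
            if api == "ResumeThread":
                state = pending.pop(target)
                # Only a complete write + context rewrite + resume chain counts.
                if {"WriteProcessMemory", "SetThreadContext"} <= set(state["stages"]):
                    findings.append(state)
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f"pid {f['source_pid']} hollowed pid {f['target_pid']} "
              f"({f['target_image']}): {' -> '.join(f['stages'])}")
```

Real traces also carry NtUnmapViewOfSection or NtMapViewOfSection and VirtualAllocEx against the child; they are left out of the required set here because some loaders skip unmapping, but they make good corroborating stages.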
