General

  • Target

    c1334561fb31974921383dfad2583192_JaffaCakes118

  • Size

    338KB

  • Sample

    240404-yjm5hahc62

  • MD5

    c1334561fb31974921383dfad2583192

  • SHA1

    2068527228a3a742623ae471645dc86f1d82ce0e

  • SHA256

    8436ced3953396414f8b719973ff09140f3909e188260e226c7b4b58fa39ee44

  • SHA512

    6898e267f88f42cd5643d56f65f26907b4820048c544e295d11df8835e193ae5f2ce7e4b5e362bc3b8ef4a1b2aa64e580a26a895aebf9e0191b66aff2f0df661

  • SSDEEP

    6144:PWoxgMkhBZUJNGGVrl66B4De9izV5owUUrAFyF+mwzamGB/q7SBT:PNSBa5V566WDFV5owMF++mmanPT

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bntn

Decoy

pollynfertility.com

frayahanson.com

longrunconsultancy.com

influencerimpactacademy.com

kentislandeats.com

71zkck.biz

835641.com

sklepmeki.store

lauradanielphotography.com

betnubhelp.com

invoicefunder.com

reignbeautycompany.com

eclipsegl.com

zacharyparkerporward5.com

alexiamalan.top

xn--299akkrtr22f.com

telex.business

pingsportsbet.com

fountainspringsrehab.com

intelbloodstock.com

Targets

    • Target

      c1334561fb31974921383dfad2583192_JaffaCakes118

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks