General

  • Target

    c973e16041f13ff85a30dfe58b3bf5ad_JaffaCakes118

  • Size

    590KB

  • Sample

    240405-dyp77abf34

  • MD5

    c973e16041f13ff85a30dfe58b3bf5ad

  • SHA1

    84347bc4172c4c8bc36ce2b6d6916b5a5f567dbe

  • SHA256

    e4f8b98f8e13c39a8a37fe7f2ac39f76790ae154a1a47941d889c663675e970e

  • SHA512

    19ea24c207115fd315da6ffcd32127c3304f1d1889691c213815bafd23f6cbadc805392af5d6bc731b0286e97a422cd7b6a38c3f5e4f798d557656122b38b6ae

  • SSDEEP

    12288:boOc8IzcXhvYQ/H7zSg1fyyVtW8TjZWCZtixuTt1Im2vg0:XFKc3tZWyXTt1Iw

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

i6rd

Decoy

The extractor labels the following as decoy domains. Xloader, like Formbook, embeds a list of decoy domains in its configuration alongside the real C2 and generates traffic to the decoys as well as to the real server, so a DNS query for any of them from an endpoint is a usable infection indicator. Only one domain in the full config is attacker-controlled, and that real C2 is not shown in this extract; do not attribute the decoy domains to the operator.

ritotvmount.xyz

szxhpfk.com

yatakturkiye.com

belugacdn.xyz

doralopen.com

gongzyrxzlhurhhhvdclmddi.store

lyvconsulting.com

it-pampering.com

weerwi.com

phdelivery1.store

neofluentsurf.com

lainsurance.xyz

ietaricardocastellarbarrios.com

despachantemedeiros.digital

madnext.online

serenity.holdings

rfvb.club

nickroche.online

hnjst.net

wolkeverts.quest
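Because the bot contacts decoy domains too, the whole list above is worth matching against DNS logs to find infected hosts. The script below is an added example (not part of the Triage report and not the malware family's own code); the log line format and the client addresses in SAMPLE_LOG are constructed for illustration. It matches a queried name against the config domains by walking up the labels, so subdomains hit while a mere string suffix such as notritotvmount.xyz does not.

```python
"""Match DNS query logs against the Xloader decoy-domain list from this report.

Added example, not part of the sandbox report. The log line shape and the
hosts in SAMPLE_LOG are constructed for illustration.
"""
import re
from typing import Dict, List, Optional

# Decoy domains exactly as listed in the report's extracted config.
DECOY_DOMAINS = frozenset({
    "ritotvmount.xyz", "szxhpfk.com", "yatakturkiye.com", "belugacdn.xyz",
    "doralopen.com", "gongzyrxzlhurhhhvdclmddi.store", "lyvconsulting.com",
    "it-pampering.com", "weerwi.com", "phdelivery1.store", "neofluentsurf.com",
    "lainsurance.xyz", "ietaricardocastellarbarrios.com",
    "despachantemedeiros.digital", "madnext.online", "serenity.holdings",
    "rfvb.club", "nickroche.online", "hnjst.net", "wolkeverts.quest",
})

# Assumed (constructed) log line shape: "<timestamp> <client> <qtype> <qname>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|CNAME|TXT)\s+(\S+)$")


def normalize(qname: str) -> str:
    """Lower-case and strip a trailing dot so 'WWW.Example.COM.' compares cleanly."""
    return qname.strip().lower().rstrip(".")


def matching_config_domain(qname: str) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None.

    Walks up the labels so 'www.ritotvmount.xyz' and 'ritotvmount.xyz' both
    hit, while 'notritotvmount.xyz' (only a string suffix match) does not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def scan_dns_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit record per log line whose query name matches the config."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line: skip rather than fail
        ts, client, qtype, qname = m.groups()
        hit = matching_config_domain(qname)
        if hit:
            hits.append({"ts": ts, "client": client, "qtype": qtype,
                         "qname": normalize(qname), "config_domain": hit})
    return hits


def clients_to_triage(lines: List[str]) -> List[str]:
    """Distinct clients that queried any config domain (infection candidates)."""
    return sorted({h["client"] for h in scan_dns_log(lines)})


# Constructed sample log: mixed case, trailing dot, a near-miss and junk.
SAMPLE_LOG = [
    "2024-04-05T09:12:01Z 10.0.0.15 A www.example.com",
    "2024-04-05T09:12:03Z 10.0.0.15 A ritotvmount.xyz.",
    "2024-04-05T09:12:04Z 10.0.0.15 A www.Belugacdn.XYZ",
    "2024-04-05T09:12:09Z 10.0.0.27 A notritotvmount.xyz",
    "2024-04-05T09:13:10Z 10.0.0.42 AAAA mail.serenity.holdings",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(hit)
    print("clients to triage:", clients_to_triage(SAMPLE_LOG))
```

Treat a hit as a reason to pull the host for triage, not as proof that the queried domain is attacker infrastructure: the bot queries decoys deliberately, and most of these domains are legitimate third-party sites.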

Targets

    • Target

      c973e16041f13ff85a30dfe58b3bf5ad_JaffaCakes118

    • Size

      590KB

    • MD5

      c973e16041f13ff85a30dfe58b3bf5ad

    • SHA1

      84347bc4172c4c8bc36ce2b6d6916b5a5f567dbe

    • SHA256

      e4f8b98f8e13c39a8a37fe7f2ac39f76790ae154a1a47941d889c663675e970e

    • SHA512

      19ea24c207115fd315da6ffcd32127c3304f1d1889691c213815bafd23f6cbadc805392af5d6bc731b0286e97a422cd7b6a38c3f5e4f798d557656122b38b6ae

    • SSDEEP

      12288:boOc8IzcXhvYQ/H7zSg1fyyVtW8TjZWCZtixuTt1Im2vg0:XFKc3tZWyXTt1Iw

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer, sold as malware-as-a-service; the family, version and campaign ID above come from its extracted configuration.

    • Xloader payload

      Signature match on the unpacked Xloader payload.

    • Suspicious use of SetThreadContext

      SetThreadContext called on a thread in another process is the step process hollowing and similar injection techniques use to redirect execution into injected code; it is commonly used by Formbook/Xloader loaders to run the payload inside a legitimate process.
