General

  • Target

    cc0458fa6fb1ba005a27dcaa0c056f1f_JaffaCakes118

  • Size

    720KB

  • Sample

    240405-f4bcbsde36

  • MD5

    cc0458fa6fb1ba005a27dcaa0c056f1f

  • SHA1

    88f2c1e356ee926042ad06345f0bd2333fcdd273

  • SHA256

    de77b81edea1415267968223cc3a1d67f95ebf87a8830363492d19e4126f1f2d

  • SHA512

    66280e16d73b9faf94c51999f8055698b2f593fde51f94bf36a30ec41202174968a5fb668b7be09f3a62c701409814dbd48b3d0ab6f589d43c53fdacd4bfb889

  • SSDEEP

    12288:0MHSBCAXT+FaCuMHALzXuw34RMWFzP89ARxuop5D6MfqoUsKfF:0lBfoAXV4RMQg9e57SoUsKfF

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mexq

Decoy

cyebang.com

hcswwsz.com

50003008.com

yfly624.xyz

trungtamhohap.xyz

sotlbb.com

bizhan69.com

brandmty.net

fucibou.xyz

orderinformantmailer.store

nobleminers.com

divinevoid.com

quickappraisal.net

adventuretravelsworld.com

ashainitiativemp.com

ikkbs-a02.com

rd26x.com

goraeda.com

abbastanza.info

andypartridge.photography
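The hashes in General and the decoy list in the extracted config are the hunt material this report yields. As an added example that is not part of the sandbox output, the following Python matches them against Sysmon-style process-creation (Event ID 1) and DNS-query (Event ID 22) records. The event records, hostnames and file paths are constructed for illustration; the IOC values are the page's own. Note the confidence split: Xloader/Formbook sends traffic to every domain in its config, so a query for one of them is evidence that the sample ran on the host, but most entries are decoys around the single real C2 and are not all attacker-controlled, so they are better used for detection than for blanket blocking.

```python
"""Match the Xloader IOCs from this report against Sysmon-style log events.

Added example, not part of the sandbox output. IOC values are copied from the
report; the events, hostnames and image paths below are constructed.
"""

# Hashes of the analysed sample (General section of the report).
SAMPLE_HASHES = {
    "md5": "cc0458fa6fb1ba005a27dcaa0c056f1f",
    "sha1": "88f2c1e356ee926042ad06345f0bd2333fcdd273",
    "sha256": "de77b81edea1415267968223cc3a1d67f95ebf87a8830363492d19e4126f1f2d",
}

# Decoy domain list from the extracted config. Xloader contacts the decoys as
# well as its real C2, so a query for one is evidence the sample ran, but the
# domain itself is not necessarily attacker-owned: medium confidence only.
DECOY_DOMAINS = {
    "cyebang.com", "hcswwsz.com", "50003008.com", "yfly624.xyz",
    "trungtamhohap.xyz", "sotlbb.com", "bizhan69.com", "brandmty.net",
    "fucibou.xyz", "orderinformantmailer.store", "nobleminers.com",
    "divinevoid.com", "quickappraisal.net", "adventuretravelsworld.com",
    "ashainitiativemp.com", "ikkbs-a02.com", "rd26x.com", "goraeda.com",
    "abbastanza.info", "andypartridge.photography",
}


def normalize_domain(name):
    """Lower-case and strip the trailing dot that DNS logs often keep."""
    return name.strip().rstrip(".").lower()


def domain_matches(query, iocs):
    """Return the IOC domain that `query` equals or is a subdomain of, else None."""
    labels = normalize_domain(query).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def parse_sysmon_hashes(field):
    """Sysmon writes 'MD5=...,SHA256=...'; return {algo: hex} in lower case."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def evaluate(events, hashes=SAMPLE_HASHES, domains=DECOY_DOMAINS):
    """Scan events: ID 1 for the sample's hashes, ID 22 for config domains."""
    hits = []
    for ev in events:
        if ev.get("EventID") == 1:
            seen = parse_sysmon_hashes(ev.get("Hashes", ""))
            for algo, value in hashes.items():
                if seen.get(algo) == value:
                    hits.append({"host": ev["Computer"], "kind": "sample_hash",
                                 "confidence": "high", "match": algo,
                                 "image": ev.get("Image")})
                    break
        elif ev.get("EventID") == 22:
            matched = domain_matches(ev.get("QueryName", ""), domains)
            if matched:
                hits.append({"host": ev["Computer"], "kind": "xloader_domain",
                             "confidence": "medium", "match": matched,
                             "image": ev.get("Image")})
    return hits


def hosts_to_triage(hits):
    """Collapse hits to {host: highest confidence} for a quick triage list."""
    rank = {"medium": 1, "high": 2}
    best = {}
    for h in hits:
        if rank[h["confidence"]] > rank.get(best.get(h["host"]), 0):
            best[h["host"]] = h["confidence"]
    return best


# Constructed Sysmon-style events (not real telemetry). Sysmon emits hashes in
# upper-case hex and DNS names sometimes carry a trailing dot; both are handled.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "Hashes": "MD5=CC0458FA6FB1BA005A27DCAA0C056F1F,"
               "SHA256=DE77B81EDEA1415267968223CC3A1D67F95EBF87A8830363492D19E4126F1F2D"},
    {"EventID": 22, "Computer": "WS01",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "QueryName": "www.cyebang.com"},
    {"EventID": 22, "Computer": "WS02",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "QueryName": "update.microsoft.com"},
    {"EventID": 22, "Computer": "WS02",
     "Image": "C:\\Windows\\explorer.exe",
     "QueryName": "goraeda.com."},
    {"EventID": 1, "Computer": "WS03",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "Hashes": "MD5=D41D8CD98F00B204E9800998ECF8427E"},
]

if __name__ == "__main__":
    hits = evaluate(SAMPLE_EVENTS)
    for hit in hits:
        print(hit)
    print(hosts_to_triage(hits))
```

Run it as a script to see the three hits and the per-host summary; in practice, replace SAMPLE_EVENTS with records pulled from your SIEM and feed the medium-confidence domain hits into a second-stage check (process image, parent, injection into a suspended process) rather than blocking the domains outright.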

Targets

    • Target

      cc0458fa6fb1ba005a27dcaa0c056f1f_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer; the extracted config above (family, version, campaign ID and decoy domain list) is in the Formbook layout.

    • Xloader payload

    • Suspicious use of SetThreadContext (rewriting the context of a suspended thread to redirect execution, a step in process hollowing and similar injection techniques)
