General

  • Target

    f1778e10ebe79d43824716896d407a07_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240415-tqhq5sch7s

  • MD5

    f1778e10ebe79d43824716896d407a07

  • SHA1

    ec03537af042f6fc51b2b6cfb87107e09f22f6a6

  • SHA256

    debf9ef658a9abcc44b0d3e2d4949a2bc5f46d85c4ce44a1ad5c93c329ed62a2

  • SHA512

    a8aaf3167a1f85bb287abb94262231bec92a8ea9817445f411a5f6c81e88eeccb749a74167dc9d8ec9aab31c19bd3926297f8586a3c5e5d89866be371f940d69

  • SSDEEP

    24576:AhOsBgo0q4wMfBmCmTOUd+L6kvXWcr539JcsjEwJQwyRVBT:AYoHMpmCm6Ud+zvXPr539Tj7mwypT

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext
