General

  • Target

    f2654cd7598c850ba9229ce85998b556_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240416-b4actaga9w

  • MD5

    f2654cd7598c850ba9229ce85998b556

  • SHA1

    6108ca584686f895fe949878af699e846cbe19d0

  • SHA256

    a580a0ff9f6c6a6120632d565e69978de243842368c34c3f2abb3de3f441e06b

  • SHA512

    d911bab4267a5ff0907f09e5fe4a3c22e18452659e0af17bc9dc719ba5fb27e2863429cf28debe11597209c15cb22a4c7226310f5dd2ff2984030e91fa7051c0

  • SSDEEP

    24576:odS/d31Kzks8ks21oODt9HJcPNoPZBUK3ITy8jh8N6ZN:JKDBxfQK30ON6ZN

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p596

Decoy

ushistorical.com

lovepropertylondon.com

acupress-the-point.com

3772548.com

ambientabuse.com

primaveracm.com

themidwestmomblog.com

havasavunma.com

rockyroadbrand.com

zzphys.com

masque-inclusif.com

myeonyeokplus.com

linkernet.pro

zezirma.com

mysiniar.com

andreamall.com

mattesonauto.com

wandopowerinc.com

casaurgence.com

salishseaquilts.com
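Two practical uses of the indicators above, written here as an added example rather than as part of the sandbox report: verifying that a file on disk really is this sample before analysing it, and turning the extracted domain list into a DNS detection. Formbook/Xloader beacons to every domain in its configuration, the decoys and the hidden real C2 alike, so a host that resolves several listed domains within a short window is a far stronger signal than a single hit (the decoys are mostly legitimate or parked sites that a user may visit on their own). The resolver log lines below are constructed for the demonstration, not taken from the sandbox run; the log format and the `flag_hosts` threshold are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "f2654cd7598c850ba9229ce85998b556",
    "sha1": "6108ca584686f895fe949878af699e846cbe19d0",
    "sha256": "a580a0ff9f6c6a6120632d565e69978de243842368c34c3f2abb3de3f441e06b",
    "sha512": (
        "d911bab4267a5ff0907f09e5fe4a3c22e18452659e0af17bc9dc719ba5fb27e2"
        "863429cf28debe11597209c15cb22a4c7226310f5dd2ff2984030e91fa7051c0"
    ),
}

# Extracted configuration copied from the report's Malware Config section.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "campaign": "p596",
    "decoy": [
        "ushistorical.com", "lovepropertylondon.com", "acupress-the-point.com",
        "3772548.com", "ambientabuse.com", "primaveracm.com",
        "themidwestmomblog.com", "havasavunma.com", "rockyroadbrand.com",
        "zzphys.com", "masque-inclusif.com", "myeonyeokplus.com",
        "linkernet.pro", "zezirma.com", "mysiniar.com", "andreamall.com",
        "mattesonauto.com", "wandopowerinc.com", "casaurgence.com",
        "salishseaquilts.com",
    ],
}


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str) -> dict:
    """Same digests for a file on disk, streamed so large samples are fine."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(found: dict, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest the report lists is present and identical."""
    return all(found.get(k, "").lower() == v.lower() for k, v in expected.items())


# Constructed resolver log lines (assumed format), not from the sandbox run.
# WS-17 resolves three listed domains, WS-03 only one, WS-09 none.
SAMPLE_DNS_LOG = """\
2024-04-16T02:11:05Z client=WS-17 query=ushistorical.com type=A
2024-04-16T02:11:06Z client=WS-17 query=www.primaveracm.com type=A
2024-04-16T02:11:07Z client=WS-17 query=zzphys.com type=A
2024-04-16T02:11:09Z client=WS-17 query=update.microsoft.com type=A
2024-04-16T02:12:40Z client=WS-03 query=lovepropertylondon.com type=A
2024-04-16T02:13:02Z client=WS-09 query=github.com type=AAAA
"""

LINE_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def matched_domain(query: str, domains):
    """Return the listed domain that `query` equals or is a subdomain of, else None."""
    q = query.lower().rstrip(".")
    for d in domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def flag_hosts(log_text: str, domains, threshold: int = 2) -> dict:
    """Map each client that resolved at least `threshold` distinct listed
    domains to the sorted list of those domains.  A single hit is deliberately
    below the default threshold because the decoys are ordinary web sites."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        d = matched_domain(m["query"], domains)
        if d:
            hits[m["client"]].add(d)
    return {c: sorted(ds) for c, ds in hits.items() if len(ds) >= threshold}


if __name__ == "__main__":
    # Example use: python this.py  (and digest_file("sample.bin") against a real copy)
    for host, doms in flag_hosts(SAMPLE_DNS_LOG, XLOADER_CONFIG["decoy"]).items():
        print(f"{host}: {len(doms)} listed domains resolved: {', '.join(doms)}")
```

Run `digest_file()` on the file you obtained and pass the result to `matches_report()` before spending any time on it; a mismatch on any one algorithm means it is not this sample. For the DNS rule, tune `threshold` to your environment: on a network where none of these sites is business-relevant, even a single resolution may be worth a ticket, but the multi-domain correlation is what separates the beaconing pattern from a user browsing.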

Targets

    • Target

      f2654cd7598c850ba9229ce85998b556_JaffaCakes118

    • Size

      1.1MB

    • MD5

      f2654cd7598c850ba9229ce85998b556

    • SHA1

      6108ca584686f895fe949878af699e846cbe19d0

    • SHA256

      a580a0ff9f6c6a6120632d565e69978de243842368c34c3f2abb3de3f441e06b

    • SHA512

      d911bab4267a5ff0907f09e5fe4a3c22e18452659e0af17bc9dc719ba5fb27e2863429cf28debe11597209c15cb22a4c7226310f5dd2ff2984030e91fa7051c0

    • SSDEEP

      24576:odS/d31Kzks8ks21oODt9HJcPNoPZBUK3ITy8jh8N6ZN:JKDBxfQK30ON6ZN

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

      The unpacked Xloader payload was identified in memory, which is what the configuration above was extracted from.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; a loader calling it on a suspended process is a common step of process hollowing, where execution is redirected into injected code.
