General

  • Target

    fda0d823b262ac2b1bd76a2053c29692_JaffaCakes118

  • Size

    466KB

  • Sample

    240420-zqw7eshg35

  • MD5

    fda0d823b262ac2b1bd76a2053c29692

  • SHA1

    73f72d7c987d44d1f236c138c5617b527c5ba340

  • SHA256

    91a166f9a29ad832c9640078210a47e5afa928ab1a79a7b40d3b358e9c8bc5d5

  • SHA512

    230e3a12c58a61c2348463b5acb92a6b557419b79e0427882750caa84d3c7e8fcec92ff6151f4f22b6eb967da138c931ed56f0dedadf1af1ac5d809508e74507

  • SSDEEP

    12288:AsXSBAmUT9BbRsXFkN8xDqT2LWWJOxTa:AsCBAme9Bb2Xq8xk2LWx

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks