General

  • Target

    a3471629786819e39c78c4219ae04771_JaffaCakes118

  • Size

    723KB

  • Sample

    240817-ty9jtsxhrl

  • MD5

    a3471629786819e39c78c4219ae04771

  • SHA1

    b94fa145d99416d7c2fed901e83108e257e417eb

  • SHA256

    c0cf68515b3afd73306eaa9c2abdd73f06bfba2943f57fd081e7ae25cfbf7b76

  • SHA512

    24731547612a0ffd8c18e5797a765612fcc9567aed74397a832e9721a14a0b885fd9388ec3724cea038f77c236a72ca7d73946149a1799c75956c7c41c0741ef

  • SSDEEP

    12288:wxojH5jdL/KyCR7PqRo2YQLa3RFC7cvoLTK8bColQVpvlbKmQQUTvSq8MFNBUt:pljBKnRIIQOhKcCTKWlQVhFKmvxqnfBU

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.1

  • Campaign

    0tog

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks