General

  • Target

    b04b0416c7a562416e58c07fb38699a7_JaffaCakes118

  • Size

    699KB

  • Sample

    240820-wstbrswejd

  • MD5

    b04b0416c7a562416e58c07fb38699a7

  • SHA1

    e0737cd598cd24a694632f81bb274d1e8792840a

  • SHA256

    19492b5df68b96dd4dd552f1a4735f795fa8bedef47ac95f1336d9731ec5edd2

  • SHA512

    ab541f799016fcf96e89d5e64232cbc94544e777875b8d8c33a68dc058467dfd53da09b11e911a0d654e0109d4e5e353dfaaaec1753b35f6dad8a8d8be22fd02

  • SSDEEP

    6144:0leWOQ+3HwOExxWFVBHtfsrIL7po8wutYF7Ke2ubf3XJvf9NGJUa/tnhn4122Irm:moXz68Le8wuOF7KeL3XJv10U4l4l

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    scb0

  • Decoy

    introlly.com
    slowtravelco.com
    sasanos.com
    3424soldbastrophwy.com
    isabelaefernando.net
    0754fm.com
    meta-bot.xyz
    778tt8.com
    krallechols.quest
    lipagent.com
    dermaqueeniran.com
    psychoterapeuta-wroclaw.com
    marmorariapiramide.online
    luxonealbery.com
    floridawp.com
    nebobuild.com
    facillitiespro-sweep.com
    wwgzj.com
    puffsmoke.online
    cryptofuelcars.com
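The extracted config is only useful once it is turned into something a SOC can query. The script below is an added example, not part of the Triage report or the Xloader family itself: it embeds the Family/Version/Campaign/Decoy values from this page as a constant, parses them into a structure, matches DNS-log hostnames (subdomains included) against the decoy list, and verifies a file against the report's hashes. The log line format and the `parse_config` / `hunt_dns_log` helpers are assumptions made for illustration. Keep in mind that Xloader, like Formbook, hides its real C2 among decoy domains that are largely legitimate sites and beacons to decoys as well, so a hit is a lead to correlate with the injection signatures below, not a block-list entry on its own.

```python
"""Work the extracted Xloader config into hunting artifacts (added example)."""
import hashlib
import re
from typing import Dict, List

# Config values copied from the report above, in the page's flattened layout.
REPORT_CONFIG = """\
Family
xloader
Version
2.5
Campaign
scb0
Decoy
introlly.com
slowtravelco.com
sasanos.com
3424soldbastrophwy.com
isabelaefernando.net
0754fm.com
meta-bot.xyz
778tt8.com
krallechols.quest
lipagent.com
dermaqueeniran.com
psychoterapeuta-wroclaw.com
marmorariapiramide.online
luxonealbery.com
floridawp.com
nebobuild.com
facillitiespro-sweep.com
wwgzj.com
puffsmoke.online
cryptofuelcars.com
"""

# Hashes of the sample as listed in the report's General section.
REPORT_HASHES = {
    "md5": "b04b0416c7a562416e58c07fb38699a7",
    "sha1": "e0737cd598cd24a694632f81bb274d1e8792840a",
    "sha256": "19492b5df68b96dd4dd552f1a4735f795fa8bedef47ac95f1336d9731ec5edd2",
    "sha512": "ab541f799016fcf96e89d5e64232cbc94544e777875b8d8c33a68dc058467dfd5"
              "3da09b11e911a0d654e0109d4e5e353dfaaaec1753b35f6dad8a8d8be22fd02",
}

_KEYS = ("Family", "Version", "Campaign", "Decoy")


def parse_config(text: str) -> Dict[str, object]:
    """Parse the flattened key/value listing (assumed layout) into a dict.

    Scalar keys take the single following line; "Decoy" collects every
    following non-empty line, lower-cased, trailing dot stripped, de-duplicated.
    """
    cfg: Dict[str, object] = {"decoy": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in _KEYS:
            current = line
            continue
        if current == "Decoy":
            host = line.lower().rstrip(".")
            if host not in cfg["decoy"]:
                cfg["decoy"].append(host)
        elif current is not None:
            cfg[current.lower()] = line
    return cfg


def is_decoy_hit(hostname: str, decoys: List[str]) -> bool:
    """True if hostname equals a decoy domain or is a subdomain of one."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in decoys)


def hunt_dns_log(lines: List[str], decoys: List[str]) -> List[str]:
    """Return queried names from log lines that hit the decoy list.

    Assumed (constructed) log shape: whitespace-separated fields with the
    queried name directly after the literal token 'query:'.
    """
    hits = []
    for line in lines:
        m = re.search(r"\bquery:\s*(\S+)", line)
        if m and is_decoy_hit(m.group(1), decoys):
            hits.append(m.group(1).lower().rstrip("."))
    return hits


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare a file's digests against the report values, per algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest.lower()
            for alg, digest in expected.items()}


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg["family"], cfg["version"], cfg["campaign"], len(cfg["decoy"]), "decoys")
    # Constructed DNS log lines, not taken from the sandbox run.
    sample_log = [
        "2024-08-20T12:00:01Z client 10.0.0.5 query: www.introlly.com A",
        "2024-08-20T12:00:02Z client 10.0.0.5 query: example.com A",
        "2024-08-20T12:00:03Z client 10.0.0.9 query: cdn.meta-bot.xyz A",
    ]
    for name in hunt_dns_log(sample_log, cfg["decoy"]):
        print("decoy/C2 candidate queried:", name)
    print(verify_hashes(b"not the real sample", REPORT_HASHES))
```

Run `verify_hashes` over the bytes of a candidate file before trusting any of the report's conclusions about it; a single algorithm mismatch means you are looking at a different artifact (a re-packed or patched sibling), not this sample.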

Targets

    • Target

      b04b0416c7a562416e58c07fb38699a7_JaffaCakes118

    • Xloader

Xloader is the rebranded successor of the Formbook information stealer, sold as malware-as-a-service; it keeps Formbook's design of hiding the real C2 among a list of decoy domains, which is why the extracted config above lists decoys rather than a single C2.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext is typically called after writing a payload into a suspended process to redirect its entry point (process hollowing or thread hijacking), which is how Formbook/Xloader injects itself into a legitimate host process.

MITRE ATT&CK Enterprise v15

Tasks