General

  • Target

    c1a77dddf52f12af022d82471e6bdf19_JaffaCakes118

  • Size

    864KB

  • Sample

    240825-1mp5dawhke

  • MD5

    c1a77dddf52f12af022d82471e6bdf19

  • SHA1

    c39c5f47d73dd8a0b7fd2ebaad7a7b57a92d0ea0

  • SHA256

    5528ee96b8cefda8ec99999701a1673fb0dff17a8e603f2c8ccd3abac08f7489

  • SHA512

    b0825bccffaa39791d19919f0ae3f95f384c9da6aad24f50d3623267da266ddde95eb7f0d3777e33cc013a0fe770230a8e03501b7b32d1834528b61af14b60cb

  • SSDEEP

    24576:BM94rYW6Z7iYtU+wkx8JwKD84r9kMXW+mj:mnZ7iYtCwi8SHvmj

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    uidr

  • Decoy

    dulichsongcham.com
    cash-royal.com
    geneseewildlifetrapping.com
    9cc9x79m3y2.com
    ntjjzx.com
    joinglooko.com
    upmchealhtrak.com
    hookandcask.com
    orca-web.com
    ag3holdings.com
    empoweredinvestmentstx.com
    lustywall.com
    rcpelaurentides.com
    goyalcoorchidnirvanatwo.homes
    iotajinn.com
    littlemlive.com
    hippocratesbio.com
    ashleysema.design
    175a45.xyz
    bpocompaniesphilippines.com

Targets

    • Target

      c1a77dddf52f12af022d82471e6bdf19_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks