General

  • Target

    db70d6b73724df85b1a004112b62a8df_JaffaCakes118

  • Size

    805KB

  • Sample

    240911-3t9hpszemp

  • MD5

    db70d6b73724df85b1a004112b62a8df

  • SHA1

    357943c19becd73eb82afde209fb31dd6bb5fbfa

  • SHA256

    21663180827caf7f2dfb9bb17db9e9b69ff0a867f2901f148b134d323efb802c

  • SHA512

    12de32c136aa44ab9b4ff4709782a7da3882d47a5a4b48c9c086bc6f73e0904569b3cfd4e1541c9ae94116fe4944f208d230624b724c6938b6fd1daa27b97723

  • SSDEEP

    24576:p3GH3Nbwuns9skinW7xqJ1hiptHs1Y7fybeMoo3M6IF0R1/utasoW:p3GH3Nbwuns9skinWC10M1Yebio86I0K

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    uszn

  • Decoy

    animegriptape.com
    pcpnetworks.com
    putupmybabyforadoption.com
    xn--jvrr98g37n88d.com
    fertinvitro.doctor
    undonethread.com
    avoleague.com
    sissysundays.com
    guilhermeoliveiro.site
    catholicon-bespeckle.info
    mardesuenosfundacion.com
    songkhoe24.site
    shoecityindia.com
    smallbathroomdecor.info
    tskusa.com
    prairiespringsllc.com
    kegncoffee.com
    clicklounge.xyz
    catholicendoflifeplanning.com
    steelobzee.com

Targets

    • Target

      db70d6b73724df85b1a004112b62a8df_JaffaCakes118

    • Size

      805KB

    • MD5

      db70d6b73724df85b1a004112b62a8df

    • SHA1

      357943c19becd73eb82afde209fb31dd6bb5fbfa

    • SHA256

      21663180827caf7f2dfb9bb17db9e9b69ff0a867f2901f148b134d323efb802c

    • SHA512

      12de32c136aa44ab9b4ff4709782a7da3882d47a5a4b48c9c086bc6f73e0904569b3cfd4e1541c9ae94116fe4944f208d230624b724c6938b6fd1daa27b97723

    • SSDEEP

      24576:p3GH3Nbwuns9skinW7xqJ1hiptHs1Y7fybeMoo3M6IF0R1/utasoW:p3GH3Nbwuns9skinWC10M1Yebio86I0K

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks