General

  • Target

    e78a8c49a3846c8224702bdfe143d6b9_JaffaCakes118

  • Size

    567KB

  • Sample

    240917-x4py6azhmg

  • MD5

    e78a8c49a3846c8224702bdfe143d6b9

  • SHA1

    f35ee4878252d4a6c38971a0768b2adff12ceffe

  • SHA256

    8f7fa187226287ba3a8858e75b00b021022fbfbc8f1f7ae01557cf692510fe00

  • SHA512

    6902c408ee655a97d3e9c9a056c57716e964f1ef5beaaa40b30a95fad93a8f13167872fa53e7c7a9574c2544ee36f6f2c3bf3fe42063871f0dc89513af0bdc1e

  • SSDEEP

    12288:bEpO29Vm7Fru4efOhizn2MJT6YashlM0JT6YashlMCDvoP:4pXm704Tho2I9ashlV9ashlr8
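Before spending time on a sample, confirm that the file on disk is the one this report describes: the four digests above are the only identity the report gives, and a re-packed or truncated copy will hash differently. The block below is an added example, not code from the report or the sandbox; it recomputes the digests with the standard library and checks them against the values copied from the General section. The `abc` byte string used in the demo is constructed input, not the sample.

```python
import hashlib
from typing import Dict, Iterable

# Digests copied from the report's General section above.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "e78a8c49a3846c8224702bdfe143d6b9",
    "sha1": "f35ee4878252d4a6c38971a0768b2adff12ceffe",
    "sha256": "8f7fa187226287ba3a8858e75b00b021022fbfbc8f1f7ae01557cf692510fe00",
    "sha512": "6902c408ee655a97d3e9c9a056c57716e964f1ef5beaaa40b30a95fad93a8f13167872fa53e7c7a9574c2544ee36f6f2c3bf3fe42063871f0dc89513af0bdc1e",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _digest_chunks(chunks: Iterable[bytes], algorithms) -> Dict[str, str]:
    """Feed every chunk to every hasher once, so a large file is read a single time.

    Note: hashlib.new("md5") raises ValueError on FIPS-restricted Python builds;
    drop "md5" from `algorithms` there and compare the remaining digests.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, algorithms=ALGORITHMS) -> Dict[str, str]:
    """Hex digests of an in-memory blob (e.g. a sample pulled from an archive)."""
    return _digest_chunks([data], algorithms)


def digest_file(path: str, algorithms=ALGORITHMS, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hex digests of a file on disk, streamed in 1 MiB chunks."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""), algorithms)


def verify_sample(observed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; an algorithm missing from `observed` counts as a mismatch."""
    result = {}
    for name, want in expected.items():
        got = observed.get(name)
        # Reports and tools disagree on hex case, so compare case-insensitively.
        result[name] = got is not None and got.lower() == want.lower()
    return result


def is_reported_sample(observed: Dict[str, str], expected: Dict[str, str] = REPORTED_HASHES) -> bool:
    """True only when every digest the report lists matches."""
    return all(verify_sample(observed, expected).values())


if __name__ == "__main__":
    # Constructed input standing in for a file; a real run would call digest_file(path).
    observed = digest_bytes(b"abc")
    for name, ok in verify_sample(observed, REPORTED_HASHES).items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}  {observed[name]}")
    print("is reported sample:", is_reported_sample(observed))
```

Run `digest_file("<path to sample>")` in place of `digest_bytes(b"abc")` to check a real copy; any `MISMATCH` row means the file is not the artefact the signatures and config below were extracted from.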

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n092

Decoy

classictilematch.net

joy-one.xyz

paraflexwork.com

eurxtoa.online

azrock-express.com

rojareal.com

weprepareamerica-world.com

boss-investor.com

sportstrainernetwork.com

hoshibanamogurablog.com

thymoscorp.com

dqrygx.com

multispicesindonesia.com

fortydaysaesthetic.com

citycourtlafayetteclass.com

sporexx.com

mahsaparvizi.com

casinort.net

arssaf.com

cupandthoughts.com
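The Formbook/Xloader config bundles the live C2 among a list of decoy domains and a running sample beacons to several of them, so a single DNS hit on one of the names above is weak evidence (many decoys are ordinary registered sites), while one host resolving several of them within a few minutes is the characteristic pattern. The block below is an added example, not part of the report or the sandbox's tooling: it loads the twenty domains from the extracted config and runs that fan-out check over a constructed DNS log. The log line format (`<ISO-8601 time> <client IP> <query name>`), the 5-minute window and the three-domain threshold are assumptions to be adjusted to your resolver logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterator, List, Optional, Set, Tuple

# Decoy/C2 candidate domains from the extracted xloader config above (campaign n092).
CONFIG_DOMAINS: Set[str] = {
    "classictilematch.net", "joy-one.xyz", "paraflexwork.com", "eurxtoa.online",
    "azrock-express.com", "rojareal.com", "weprepareamerica-world.com",
    "boss-investor.com", "sportstrainernetwork.com", "hoshibanamogurablog.com",
    "thymoscorp.com", "dqrygx.com", "multispicesindonesia.com",
    "fortydaysaesthetic.com", "citycourtlafayetteclass.com", "sporexx.com",
    "mahsaparvizi.com", "casinort.net", "arssaf.com", "cupandthoughts.com",
}

# Constructed sample DNS log (not taken from the report); format is an assumption:
# "<ISO-8601 time> <client IP> <query name>".
SAMPLE_DNS_LOG = """\
2024-09-17T10:00:01 10.0.0.5 classictilematch.net
2024-09-17T10:00:05 10.0.0.5 joy-one.xyz
2024-09-17T10:00:09 10.0.0.5 www.paraflexwork.com
2024-09-17T10:00:12 10.0.0.5 cdn.example.com
2024-09-17T10:03:30 10.0.0.5 eurxtoa.online
2024-09-17T10:10:00 10.0.0.9 rojareal.com
2024-09-17T12:00:00 10.0.0.9 update.example.org
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*$")


def match_config_domain(qname: str, domains: Set[str]) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # walk from the full name up to the registrable part
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def parse_dns_log(text: str) -> Iterator[Tuple[datetime, str, str]]:
    """Yield (timestamp, client, query name); malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, qname = m.groups()
        yield datetime.fromisoformat(ts), client, qname


def find_fanout(text: str, domains: Set[str] = CONFIG_DOMAINS,
                window: timedelta = timedelta(minutes=5),
                threshold: int = 3) -> Dict[str, Set[str]]:
    """Clients that resolve at least `threshold` distinct config domains inside any `window`.

    Returns {client: set of matched config domains}; clients below the threshold
    are omitted, so a lone hit on one decoy does not raise an alert.
    """
    per_client: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, client, qname in parse_dns_log(text):
        hit = match_config_domain(qname, domains)
        if hit:
            per_client[client].append((ts, hit))

    flagged: Dict[str, Set[str]] = {}
    for client, events in per_client.items():
        events.sort()  # chronological, so each window starts at one event
        for i, (start, _) in enumerate(events):
            seen = {d for ts, d in events[i:] if ts - start <= window}
            if len(seen) >= threshold:
                flagged[client] = flagged.get(client, set()) | seen
    return flagged


if __name__ == "__main__":
    for client, hits in find_fanout(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(hits)} config domains in window -> {sorted(hits)}")
```

With the constructed log, 10.0.0.5 is flagged (four config domains in under four minutes, including one reached via a `www.` subdomain) and 10.0.0.9 is not, because a single resolution of `rojareal.com` is exactly the kind of hit a legitimate visit to a decoy produces. Lower `threshold` to 1 only when you want the raw IOC matches rather than the beaconing pattern.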

Targets

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the saved register state of a thread so that it resumes at caller-chosen code; it is a standard step in process hollowing and thread hijacking and is rarely needed by benign software.

MITRE ATT&CK Enterprise v15

Tasks