General

  • Target

    f7e38bf7062e2476eb111fd95288e2b5_JaffaCakes118

  • Size

    777KB

  • Sample

    240926-jh6swsvfrq

  • MD5

    f7e38bf7062e2476eb111fd95288e2b5

  • SHA1

    7ef1768ac9a9860b75503312eb1455f4e300cdbf

  • SHA256

    a815ffed78a03eb9a180c0a70b50ce7c6f283fd98e0d590ebbb5f1e0b35fcd65

  • SHA512

    c11b9b23f33ba102cdff70420f5bbe68a1ff88b244df2c82cfbaa1b996d1162c2db9384238e8a414a518e5aace4be1736f5399c46f457eb695bac40384a1f215

  • SSDEEP

    12288:G6foWJcSbkFHcb7/mY/TGhQOPT4WfwRfWROQ5g0x6dgX6okimIf9vSgBS/G6OxfM:RJPb7/bT2D5giGfFaq

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uszn

Decoy

animegriptape.com

pcpnetworks.com

putupmybabyforadoption.com

xn--jvrr98g37n88d.com

fertinvitro.doctor

undonethread.com

avoleague.com

sissysundays.com

guilhermeoliveiro.site

catholicon-bespeckle.info

mardesuenosfundacion.com

songkhoe24.site

shoecityindia.com

smallbathroomdecor.info

tskusa.com

prairiespringsllc.com

kegncoffee.com

clicklounge.xyz

catholicendoflifeplanning.com

steelobzee.com

Targets

    • Target

      f7e38bf7062e2476eb111fd95288e2b5_JaffaCakes118

    • Size

      777KB

    • MD5

      f7e38bf7062e2476eb111fd95288e2b5

    • SHA1

      7ef1768ac9a9860b75503312eb1455f4e300cdbf

    • SHA256

      a815ffed78a03eb9a180c0a70b50ce7c6f283fd98e0d590ebbb5f1e0b35fcd65

    • SHA512

      c11b9b23f33ba102cdff70420f5bbe68a1ff88b244df2c82cfbaa1b996d1162c2db9384238e8a414a518e5aace4be1736f5399c46f457eb695bac40384a1f215

    • SSDEEP

      12288:G6foWJcSbkFHcb7/mY/TGhQOPT4WfwRfWROQ5g0x6dgX6okimIf9vSgBS/G6OxfM:RJPb7/bT2D5giGfFaq

    • Xloader

Xloader is the rebranded successor of the Formbook information stealer; its extracted configuration carries a four-character campaign ID and a list of domains, most of which are decoys that hide the real C2 among ordinary-looking hosts.

    • Xloader payload

    • Suspicious use of SetThreadContext
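
The signature above fires on a single API call, so it is worth seeing what separates a benign SetThreadContext from the process-hollowing chain that loaders such as Xloader use. The following is an added, illustrative detector written for this page, not the sandbox's own rule; the API trace it runs over is constructed by hand (the PIDs, handles and arguments are invented, not taken from this sample), and the hollowing chain it looks for (CreateProcess with CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread on that child) is a generalization of the single-call signature.

```python
"""Illustrative detector for the SetThreadContext-based process-hollowing chain.

Added example for this page. The trace below is constructed, not sandbox output.
"""

# Win32 CreateProcess creation flag that starts the child suspended.
CREATE_SUSPENDED = 0x00000004

# Ordered stages of the classic hollowing chain; a later stage only counts
# once every earlier stage has been seen in the same process.
STAGES = ("create_suspended", "write_memory", "set_thread_context", "resume_thread")

# Constructed API trace: (pid, api, args). Handles and sizes are invented.
TRACE = [
    (1000, "CreateProcessW", {"lpApplicationName": r"C:\Windows\SysWOW64\svchost.exe",
                              "dwCreationFlags": CREATE_SUSPENDED}),
    (1000, "NtUnmapViewOfSection", {"hProcess": 0x1A8}),
    (1000, "VirtualAllocEx", {"hProcess": 0x1A8, "flProtect": 0x40}),
    (1000, "WriteProcessMemory", {"hProcess": 0x1A8, "nSize": 0x40000}),
    (1000, "GetThreadContext", {"hThread": 0x1AC}),
    (1000, "SetThreadContext", {"hThread": 0x1AC}),
    (1000, "ResumeThread", {"hThread": 0x1AC}),
    # A debugger-like process that only reads and restores a thread context:
    # trips the single-call signature but not the hollowing chain.
    (2000, "GetThreadContext", {"hThread": 0x2F0}),
    (2000, "SetThreadContext", {"hThread": 0x2F0}),
]


def _stage_of(api, args):
    """Map one API call to a hollowing stage, or None if it is not part of the chain."""
    if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
        if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            return "create_suspended"
        return None
    if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
        return "write_memory"
    if api in ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"):
        return "set_thread_context"
    if api in ("ResumeThread", "NtResumeThread"):
        return "resume_thread"
    return None


def matched_stages(events):
    """Walk one process's (api, args) events in order and return the stages
    reached so far; a stage is only recorded when it is the next expected one."""
    reached = []
    for api, args in events:
        stage = _stage_of(api, args)
        if stage is not None and len(reached) < len(STAGES) and stage == STAGES[len(reached)]:
            reached.append(stage)
    return reached


def set_thread_context_used(events):
    """The loose condition behind a 'Suspicious use of SetThreadContext' style hit."""
    return any(_stage_of(api, args) == "set_thread_context" for api, args in events)


def hollowing_candidates(trace):
    """Return the PIDs whose trace completes the full hollowing chain."""
    by_pid = {}
    for pid, api, args in trace:
        by_pid.setdefault(pid, []).append((api, args))
    return sorted(pid for pid, ev in by_pid.items() if matched_stages(ev) == list(STAGES))


def set_thread_context_users(trace):
    """Return the PIDs that call SetThreadContext at all (the looser signature)."""
    by_pid = {}
    for pid, api, args in trace:
        by_pid.setdefault(pid, []).append((api, args))
    return sorted(pid for pid, ev in by_pid.items() if set_thread_context_used(ev))


if __name__ == "__main__":
    print("SetThreadContext users:", set_thread_context_users(TRACE))
    print("Hollowing candidates:  ", hollowing_candidates(TRACE))
```

On the constructed trace both processes trigger the loose single-call condition, but only PID 1000 completes the ordered chain; a triage analyst would treat the chain as the stronger indicator and the bare SetThreadContext hit as a prompt to look at the surrounding calls.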

MITRE ATT&CK Enterprise v15

Tasks