General

  • Target: 01edae7572bd3dcad70155d3b988f63b_JaffaCakes118
  • Size: 258KB
  • Sample: 240930-sa3kya1drp
  • MD5: 01edae7572bd3dcad70155d3b988f63b
  • SHA1: 54535c80179fad6b92ee7d1378a5865c4c3b3999
  • SHA256: 3cf9356a4b252073db553cfc05544213078ba8ede54eaa45ab83637d86fdd948
  • SHA512: f7cb116243da0563f7e4e3cfa73cf6106738bf5e1d9b6a15af615ad284dc8963061889c1ae99a2b4a382e0179b88e32b435683db40559e2f490ec96cd035e0d3
  • SSDEEP: 6144:d1ZIA0NUuoAzOgv19kwnG+XnRabukHQWpHpshHwipISW:d1+RNUE9kwnGqR/kwsJ5SW

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: enmm
  • Decoy


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
