General

  • Target

    0cc094b93ea3fe9dcf1897e41d8ef875_JaffaCakes118

  • Size

    881KB

  • Sample

    241002-2nr6ssvdrc

  • MD5

    0cc094b93ea3fe9dcf1897e41d8ef875

  • SHA1

    26a40e556b826052196a2bcea93d1962ea1a6eaf

  • SHA256

    811745e059225a9d2c1e3a283c2895589f36332a5e90c6cbe3425b841b3b024d

  • SHA512

    c98f2a184be3d15a7dbb3c7d882d3a8848dfd6709e461457ba84170a7ceea558f6494ab73c397144091e1715add5623b611c48078576c44c44a509425898c091

  • SSDEEP

    12288:Y94in3qGaNHEyC9/oR9gy5ZHK7zWQDLDhjiKznNWOoyw1rFYi/tOfeAD7GK:8Pp9AR95SlLDxn0ORw1xYSt7e7GK

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    q4kr

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks