General

  • Target: 0805c568ebc462721f7eb11b15689d51_JaffaCakes118
  • Size: 209KB
  • Sample: 241002-almdzs1gjh
  • MD5: 0805c568ebc462721f7eb11b15689d51
  • SHA1: ec3aeab30e49c7923783896142187e61927595ef
  • SHA256: c1ce2e8d13a1272f8f4db5ff64b9fa10660d7040f71ac3de3e09a775daade60e
  • SHA512: 797a8b2a766137f315895d7704468b47b1c191283b9c3f0c3d1754b4693147e4764efe56cd3dd549ef39429731832fe824f1e5ad4882233e99565a3253f6b183
  • SSDEEP: 6144:Fn+MK4LoaK4iIFOpOyrbrH0dltBhqz1SC1mGTlu0rO6304:Fn+RvaziIuOUH0dltBkhS5GAkb

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: ieqo
  • Decoy


Targets

    • Target: Payment Slip.exe
    • Size: 223KB
    • MD5: 5cdcec900819b181a01ea4c007995969
    • SHA1: d71954224a3c986ac4a7f116d4067d98257cfbb5
    • SHA256: 7fd75617ee39e8ed51f7e118f0aa46b83916dbf0d1d769e088c3fca7a4c0014f
    • SHA512: e741d7658397cb8f8c581bd3d2c3807b93f9e987ff10668e5d7cea6dee149553392ee32be3983cc4adc9340cfe9ff3915a91faec9ad4a74574c0299d6c4761ad
    • SSDEEP: 3072:1g10r0K/C7MAov2zdV2JE/0unArFJHJlrAlfidgVkmv058mZT6+upQkdO7:1q0rpsMA+krMBBJHJZdnrb6+uQ
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Deletes itself
    • Suspicious use of SetThreadContext
