General

  • Target

    4077e3d5f9c40a972fbcc013991f324a_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241013-r7ve6asbld

  • MD5

    4077e3d5f9c40a972fbcc013991f324a

  • SHA1

    6cc2be0cf870a3ab5fc92e73a66d48c12352a753

  • SHA256

    dba4d76fb1d049ea4f4a3c447d9141489305594eef26f2e175b696ac620c59bf

  • SHA512

    afd1431ebd8b93d9a4f29a95bdaa0c50a9a6e8daaf9961aa02ca7fce143a0fcead3c66c73575088f7501f430f07c6cbb3362f8b317996c313c0c68559d8897b9

  • SSDEEP

    12288:v+q3bFCO9bHBa3AWZavABd0YItKOxZsSbWQdOm//8xLrQ6H+yy1Susr8MmH3j5Q:R19bHBiHj6cOxvbWQd9/EFMZLS5R0

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m7gs

Decoy

Xloader/Formbook configurations embed a list of decoy domains that the bot contacts alongside its real C2 to obscure which one matters. The domains below are those decoys, so treat them as low-confidence network indicators rather than as the command-and-control server itself.

goodxxxhigh.com

blun33.com

mcbt328.com

sxtdba.com

sagalocal.icu

spentonindustries.com

greatexpectationssouthshore.com

herzenco.com

duoxizhe.com

h-mawari.net

jeevicain.com

sculpted-vegan.net

vipchainwallet.com

smartanalytics.info

jiujirat.com

canhoquan8-centralpremium.com

pasarandir.com

mario17331.com

dillonsavage.com

ladiesboxx.com

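The report above uses a fixed heading/value layout that is easy to turn into a machine-readable record. The following Python is an added example, not part of the report and not the sandbox's own code: it parses the General and Malware Config fields shown above (embedded as an excerpt of this page), checks that each listed hash is well-formed, lets you confirm that a file you hold is the same sample by recomputing the four digests, and returns the decoy list as a deduplicated set of indicators. The function and constant names are my own.

```python
import hashlib
import re

# Excerpt of the report above in the report's own heading/value layout
# (the page's values, not constructed data).
REPORT = """\
General
  • Target
    4077e3d5f9c40a972fbcc013991f324a_JaffaCakes118
  • MD5
    4077e3d5f9c40a972fbcc013991f324a
  • SHA1
    6cc2be0cf870a3ab5fc92e73a66d48c12352a753
  • SHA256
    dba4d76fb1d049ea4f4a3c447d9141489305594eef26f2e175b696ac620c59bf
  • SHA512
    afd1431ebd8b93d9a4f29a95bdaa0c50a9a6e8daaf9961aa02ca7fce143a0fcead3c66c73575088f7501f430f07c6cbb3362f8b317996c313c0c68559d8897b9
Malware Config
Extracted
Family
xloader
Version
2.3
Campaign
m7gs
Decoy
goodxxxhigh.com
blun33.com
mcbt328.com
sxtdba.com
sagalocal.icu
spentonindustries.com
greatexpectationssouthshore.com
herzenco.com
duoxizhe.com
h-mawari.net
jeevicain.com
sculpted-vegan.net
vipchainwallet.com
smartanalytics.info
jiujirat.com
canhoquan8-centralpremium.com
pasarandir.com
mario17331.com
dillonsavage.com
ladiesboxx.com
Targets
"""

SECTIONS = {"General", "Malware Config", "Extracted", "Targets"}
SCALARS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512",
           "SSDEEP", "Family", "Version", "Campaign"}
LISTS = {"Decoy"}
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text):
    """Scalar fields take the next non-empty line as their value; list
    fields (Decoy) collect every line until the next section or field."""
    lines = [ln.strip().lstrip("• ").strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]
    out = {key.lower(): [] for key in LISTS}
    active_list, i = None, 0
    while i < len(lines):
        ln = lines[i]
        if ln in SECTIONS:
            active_list = None
        elif ln in SCALARS and i + 1 < len(lines):
            out[ln.lower()] = lines[i + 1]
            active_list = None
            i += 1  # the value line has been consumed
        elif ln in LISTS:
            active_list = ln.lower()
        elif active_list is not None:
            out[active_list].append(ln)
        i += 1
    return out


def malformed_hashes(cfg):
    """Names of hashes that are missing or not lowercase hex of the right length."""
    return [name for name, n in HASH_LEN.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % n, cfg.get(name, ""))]


def hash_bytes(data):
    """The same four digests the report lists, computed over a file's bytes."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in HASH_LEN}


def matches_report(digests, cfg):
    """True only if every hash the report lists equals the computed one."""
    return all(digests[name] == cfg.get(name) for name in HASH_LEN)


def decoy_domains(cfg):
    """Deduplicated decoy list; noisy indicators, not the C2 itself."""
    return sorted(set(cfg["decoy"]))


if __name__ == "__main__":
    cfg = parse_report(REPORT)
    print(cfg["family"], cfg["version"], cfg["campaign"], malformed_hashes(cfg))
    print(len(decoy_domains(cfg)), "decoy domains")
```

To confirm a local file is this sample, read it as bytes and call `matches_report(hash_bytes(data), cfg)`; a single mismatching digest is enough to reject it, which matters when a repository stores only MD5 and a collision-resistant hash is what you want to rely on.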
Targets

    • Target

      4077e3d5f9c40a972fbcc013991f324a_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer and form grabber.

    • Xloader payload

      The unpacked Xloader payload was detected in memory during execution.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the step that redirects execution into injected code in process hollowing and thread execution hijacking (MITRE ATT&CK T1055.012 and T1055.003); this is consistent with Xloader running its payload inside a legitimate process rather than in its own.
