General

  • Target: 55a9557fd520e2b5886a09ca8921def3_JaffaCakes118
  • Size: 687KB
  • Sample: 241018-fyzgzayhqh
  • MD5: 55a9557fd520e2b5886a09ca8921def3
  • SHA1: a21c2095591a1ddd093242d45b2220bc4fad5298
  • SHA256: e8287d910fa441a9af68860be6dbeeb6ca4e6e5ee2920f1f2d66775dc7c30b05
  • SHA512: c7f90f43568f5e67675e4fbd870644066c43a028844415cac029c8493f6b5a3b34fc23eaf239c51a8572d01f1128233f66f17f4f32e142d8cd3262bed2ab8319
  • SSDEEP: 12288:OMv/HK7z/vgOLvgA/5w6o8hTAfe0/RTc9e+FQ:mE0vl/5w6zBy49n

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: uisg

Decoy


Targets


    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks