General

  • Target: f2dbb356ab48fcab6f0ef2ceb6d8cebb_JaffaCakes118
  • Size: 917KB
  • Sample: 241215-hzd9jaxlds
  • MD5: f2dbb356ab48fcab6f0ef2ceb6d8cebb
  • SHA1: 6de618418c322dd8e9019013658c37523d56a18d
  • SHA256: 73c9e89d51022a4059395c2849313595439ca715a36d7383e9708bc6421aa628
  • SHA512: 0937c20f77486158d7a5583b63d5a98fe86dfbc57e566a417ac7f9c7768c9ebba589bb36f16ee7488e5405fbff34622c0ce07538c2384ccef54b62cf59243a33
  • SSDEEP: 12288:GAkCfhwf7HK7zQUKRqVB2FTBdjgrPSAL+l7VdSlQCVngOXiMzUkBCFI+A:eCzsiVB2N3jQaALtQCVfXTFB

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: bp39

Decoy


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader family
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks