General

  • Target

    fe2fc04068910b2e437f2dc9cd200ede_JaffaCakes118

  • Size

    939KB

  • Sample

    241219-dlhycavrcn

  • MD5

    fe2fc04068910b2e437f2dc9cd200ede

  • SHA1

    25f9e68d137d9b3b708eaa0e46b8d897b5f725bf

  • SHA256

    4685c8e4c8836d97c08ac60084f1ad2a12e0abed103c9a7048e3c36b40e8ed6d

  • SHA512

    5dba5c5dcafcf87d9f4e59a2e1c9889ccbda8c537a1560249955ab5c70d9a1a13909d066987b755c49b0ce2af431a45c0f2dfd5c73638acd6b1c77b6d3647057

  • SSDEEP

    24576:zkIW8ijyZU2YGaev1e0C40ui4ShmljIbnQrKboM:zkDZjAaet44S2IbnB0M

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    uecu

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks