General

  • Target: JaffaCakes118_dd201b746a8078d6a590c24015ccd1a8
  • Size: 400KB
  • Sample: 250110-g43bgsvmht
  • MD5: dd201b746a8078d6a590c24015ccd1a8
  • SHA1: d317c771f4dc6e0c458a7e37b282067d061e4d75
  • SHA256: 35343871869b50c2cba5ac827b1a7201c5adcb1dfb6cd3098d4f245ba49ceb58
  • SHA512: bb49f42aaacc4414d32423b316becf274a4dc2010932ea42ec919ce7da32b839ed890de6bf8501494a391fe0043c86ebff21b7035b92eafcd72784656cf075d2
  • SSDEEP: 6144:SjyESJejXMRMCTc/8Yo0g333ZFFAdCJ5sQK260aBTY:SjyESJcMR1QUYzg3nlAu5s2la+

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: mqi9
  • Decoy domains:
    spectehnika-rb.com
    daleproaudio.xyz
    cpw887.com
    gosbs-b01.com
    clarkmanagementhawaii.com
    taobaoi68.xyz
    hoppedchardonnay.com
    extremesavings.net
    newbiepanda.com
    arul-jegadish.com
    kellibrat.com
    avto-mercury.info
    percussionportal.com
    colorfulworldpublishing.com
    notvaccinatedjobs.com
    cattavida.com
    pioniersa.com
    yanduy.com
    mzjing.com
    piedmontpines.school

Targets

    • Target: JaffaCakes118_dd201b746a8078d6a590c24015ccd1a8
    • Size: 400KB
    • MD5: dd201b746a8078d6a590c24015ccd1a8
    • SHA1: d317c771f4dc6e0c458a7e37b282067d061e4d75
    • SHA256: 35343871869b50c2cba5ac827b1a7201c5adcb1dfb6cd3098d4f245ba49ceb58
    • SHA512: bb49f42aaacc4414d32423b316becf274a4dc2010932ea42ec919ce7da32b839ed890de6bf8501494a391fe0043c86ebff21b7035b92eafcd72784656cf075d2
    • SSDEEP: 6144:SjyESJejXMRMCTc/8Yo0g333ZFFAdCJ5sQK260aBTY:SjyESJcMR1QUYzg3nlAu5s2la+
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader family
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
