JinxLoader leads to Formbook/XLoader [Wednesday, January 03, 2024]

Description:
JinxLoader is a relatively new malware-as-a-service loader first advertised on hackforums. It arrives as an archived attachment to a phishing email and, once executed, leads to Formbook/XLoader C2 traffic.

Published: 2024-01-03 14:29:01
Created: 2024-01-03 14:29:01
Modified: 2024-01-03 14:50:02

Indicators


About the author
Julien B.
