General

  • Target: 5d054d358e94c8b282b9c0e6ba2185c9_JaffaCakes118
  • Size: 550KB
  • Sample: 240331-yztl8abf29
  • MD5: 5d054d358e94c8b282b9c0e6ba2185c9
  • SHA1: 069c96d4a9fb1ed9eaf6acc8b5b410803b38b8de
  • SHA256: c53c1098e4621c2258d13bd6c36d95493343129c5846f6c0ca07c12565da843d
  • SHA512: 029518b8bf359508c02c5e0b1d108210549131ef25ec515c42cb09b2957b129fe83d5b0dfcc9a6a7436ef821145cec85ce0a9c9385eee1ffd809ef7c599aacfa
  • SSDEEP: 12288:fSNB3UxOvePX94GhfHxzWorVKcaJQocYnKrnSO:4ixTPX94YPrVKcaCochS

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: sg5c
  • Decoy domains:
    chosenstoryto-detecttoday.info
    eighthundredthousand.info
    objectionportal.com
    thelitsi.store
    techbridgeassociates.com
    noctilucaart.com
    lift2.cloud
    ureflective.com
    tmongpil.com
    hhhsccultum.quest
    lzagc.com
    jobs-fp.com
    dalvarostyle.com
    mushrelax.com
    smokersoutletinc.com
    centralenergi.com
    bodepuro.com
    no562.com
    vintagechateauii.com
    thriftyniftyandfine.com

Targets

    • Target: 5d054d358e94c8b282b9c0e6ba2185c9_JaffaCakes118
    • Size: 550KB
    • MD5: 5d054d358e94c8b282b9c0e6ba2185c9
    • SHA1: 069c96d4a9fb1ed9eaf6acc8b5b410803b38b8de
    • SHA256: c53c1098e4621c2258d13bd6c36d95493343129c5846f6c0ca07c12565da843d
    • SHA512: 029518b8bf359508c02c5e0b1d108210549131ef25ec515c42cb09b2957b129fe83d5b0dfcc9a6a7436ef821145cec85ce0a9c9385eee1ffd809ef7c599aacfa
    • SSDEEP: 12288:fSNB3UxOvePX94GhfHxzWorVKcaJQocYnKrnSO:4ixTPX94YPrVKcaCochS

    Score: 10/10

    Signatures
    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks