General

  • Target

    fd45b4fe49d0e8c38c34fdd1bdad1dda_JaffaCakes118

  • Size

    524KB

  • Sample

    240420-v8rmfadh24

  • MD5

    fd45b4fe49d0e8c38c34fdd1bdad1dda

  • SHA1

    955da56927ee2d3afe02a1cef22d7384fe7066eb

  • SHA256

    5d5aa4f1afaa9dd98bc1317f5b8e190cf21130d465da575fac9d4fbc6b3fb3af

  • SHA512

    dffd9842de31f170c2f6d22cf067ad7f4aacd97011f0d5751071baa9011fcab90a1e6e21c3301241107efbd8b0aa40707dde0e7003082ff41cb08cdfcdc56589

  • SSDEEP

    12288:9E+M7a6xtv2uMblHYqZ8kr6Z+A2skebXul0tGsucD3SB:K+NctvvalY5e6xD30sucDiB

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    b5ce

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
