General

  • Target

    40efdd8d2045850561ca484d01633793_JaffaCakes118

  • Size

    253KB

  • Sample

    240330-wgdf6sbg47

  • MD5

    40efdd8d2045850561ca484d01633793

  • SHA1

    26a7d116c944c709369a95a4d86eaf8813860adb

  • SHA256

    b503be7988f66c2820e5f9a13b6e53ba9b8d14011069c6c809065cf08463e22b

  • SHA512

    bece401b795fe8ec37b7dd81f55daaafce77d8096c23d9f31109eec74701ea8720aba252f17151fbcd27620758b77aac467d2e420a8cd215cb6a525362811e79

  • SSDEEP

    6144:wBlL/ciApcHmBWwKdo9STFbpzcUQ4iqmTRButukkAtwKvbwv5a:CeiDEWjV5baUNiqyRstio

  • Score

    10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dgt9

Decoy

glimpse-media.com

crimsongomidv.xyz

seo-clicks6.com

cloudbreakhq.com

oakabbey.net

findcasinoslots.com

thehelloloveshop.com

havetsuczyli.quest

celestialtransportation.net

nianlun.wiki

valentinaturals.com

808gang.net

tykaa.com

sparoom.store

empregosbr1.online

visaractivateddprocessing.com

industriamadereraargentina.com

ekopressbrake.com

984561.com

oklahomacasinoreviews.com

Targets

    • Target

      40efdd8d2045850561ca484d01633793_JaffaCakes118

    • Size

      253KB

    • MD5

      40efdd8d2045850561ca484d01633793

    • SHA1

      26a7d116c944c709369a95a4d86eaf8813860adb

    • SHA256

      b503be7988f66c2820e5f9a13b6e53ba9b8d14011069c6c809065cf08463e22b

    • SHA512

      bece401b795fe8ec37b7dd81f55daaafce77d8096c23d9f31109eec74701ea8720aba252f17151fbcd27620758b77aac467d2e420a8cd215cb6a525362811e79

    • SSDEEP

      6144:wBlL/ciApcHmBWwKdo9STFbpzcUQ4iqmTRButukkAtwKvbwv5a:CeiDEWjV5baUNiqyRstio

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/hsrxk.dll

    • Size

      42KB

    • MD5

      68700ac207deffb6fc0b884f939b483a

    • SHA1

      0661e7515f431bdcd3395446c39c404c50380098

    • SHA256

      6e0a0802525044ec0502d3382e80da3a49a98cc5f42197d9313fca6b695f3f92

    • SHA512

      1d6d0777a896d8f3127a2f2e6953ed715d7bcd68d7148d483716cc3c9de5ae0b8fe05084b9a1f0d7997ea02f985b4f8ee3c3a1da9993a383b08cfb4e004de3b4

    • SSDEEP

      768:iYIfeZ2i7NnQ4761GU5W7wm4mPYAyETr2qlARc+GKG:iYImZT7V0Gx/f2qlARk

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks