General

  • Target

    41bc8c583d9904897e2b504f127ced23_JaffaCakes118

  • Size

    256KB

  • Sample

    240330-xaftdscf46

  • MD5

    41bc8c583d9904897e2b504f127ced23

  • SHA1

    5317d2490adbde0baa35fed87dff5b29f941cd02

  • SHA256

    26a7d60148b01f0b2c57abaac977514cbc0d31606ae151f200f0b9c04fdf0ad3

  • SHA512

    a7ee54199867be352be5058b1ea187ac5f0bd0d83447f425159d5bea5f094ae30e53a6c9e42376a5d444387eed5b22e3e0b1176351e4fe3dacb78bbbb3d1e119

  • SSDEEP

    6144:F8LxBs0RFwY3VUy7Wvb6XsodOcAjtagLcZChOZYVkKcD:/iFjuEa75LcsOYV0

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hr8n

Decoy


Targets

    • Target

      41bc8c583d9904897e2b504f127ced23_JaffaCakes118


    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/pclcfdo.dll

    • Size

      22KB

    • MD5

      5083f0592bc9096bcf547e329f4c17e0

    • SHA1

      12735d4c3772cc5ae3efb52056262ff37e55f945

    • SHA256

      824fda5608b540d3bda797751450c40649565f2bf49afdc81ebfd9faa8995aa2

    • SHA512

      6f58a78962ff9bf04c05d61ab95d24cfa183a3e5288cb4365b065ae5c349baebd870987803014dc240449a360a6368ebc48184547719c80f6683cf5f0e9160c9

    • SSDEEP

      384:OenMTlcY3sNkzLuFWGu7GdKGd/ZxJGf8wPNq4htK7RvU:OeMT+YcNkzLuFnEsKsG8wVZPK7

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
