General

  • Target

    5197fb0ac1eee3ae19fcf6117ea49e9a_JaffaCakes118

  • Size

    252KB

  • Sample

    240331-j7pwnshb85

  • MD5

    5197fb0ac1eee3ae19fcf6117ea49e9a

  • SHA1

    465e9c4bc39f867b19f563149247d9fd6236f79b

  • SHA256

    e862c2495e79b33c27fd00a29dda3c22df6796ff8aa7fc6294216a46668f9047

  • SHA512

    816404415eca72d5ad5afec58c82d9d5d63b6abf0e8210abc03121934df8a8f7122ff38db840b779394e5d7400d9085737173014f59243efb79d93320c0cd1d9

  • SSDEEP

    6144:wBlL/cFwRcjA3MgYZhZc/vwcpV7Psk9+MctkOCtnW+aq:CeyqeMgY8vwe7J9+MctyW8

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hr8n

Decoy

xn--z4qv1cr56dk0k.group

trend-shopping.net

redherring.agency

jeetopesekashback.xyz

myverizonbillpay.com

enjoy-developpement.com

reals-markets-34.xyz

nobadfeelings.com

libbybruce.space

noobcakes.com

silviomicalikush.xyz

taschenhimmel.guru

terradr.one

suvsangebotguenstigdeorg.com

bercatv.com

toytraderinc.com

mintnft.energy

apnagas.com

canalsidespeech.com

oporbagehi.quest
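The configured domain list above is the part of this config a defender actually uses, but it needs a caveat: XLoader (like Formbook) embeds one real C2 host among a list of decoys, many of them legitimate or parked sites, and the stealer beacons to several of them at a time to hide the real one. A single lookup of one of these names is therefore a hunting lead, not proof of infection; one client resolving several of them in a short window is the signal worth triaging. The following added example (not part of the Triage report) takes the hr8n domain list as extracted on the page, runs it over a few constructed DNS log lines in an assumed `<timestamp> <client-ip> <qname> <qtype>` format, matches only on label boundaries so lookalike suffixes do not false-positive, and ranks client hosts by how many distinct configured domains they touched:

```python
"""Hunt DNS query logs for the XLoader 2.5 / hr8n configured domain list.

Added example, not code from the Triage report. The domain list is the one
extracted on the page; the log format and log lines are constructed for the demo.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Domains from the extracted config (campaign hr8n). Only one of these is the
# real C2; the rest are decoys the stealer also contacts to mask the beacon.
CONFIGURED_DOMAINS: Set[str] = {
    "xn--z4qv1cr56dk0k.group", "trend-shopping.net", "redherring.agency",
    "jeetopesekashback.xyz", "myverizonbillpay.com", "enjoy-developpement.com",
    "reals-markets-34.xyz", "nobadfeelings.com", "libbybruce.space",
    "noobcakes.com", "silviomicalikush.xyz", "taschenhimmel.guru",
    "terradr.one", "suvsangebotguenstigdeorg.com", "bercatv.com",
    "toytraderinc.com", "mintnft.energy", "apnagas.com",
    "canalsidespeech.com", "oporbagehi.quest",
}

# Constructed sample log, assumed format: "<timestamp> <client-ip> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2024-03-31T09:12:01Z 10.0.0.21 www.google.com A
2024-03-31T09:12:05Z 10.0.0.21 WWW.trend-shopping.net. A
2024-03-31T09:12:06Z 10.0.0.21 redherring.agency A
2024-03-31T09:12:08Z 10.0.0.21 jeetopesekashback.xyz A
2024-03-31T09:12:09Z 10.0.0.21 trend-shopping.net.evil-lookalike.com A
2024-03-31T09:15:00Z 10.0.0.44 noobcakes.com A
2024-03-31T09:16:00Z 10.0.0.44 example.org A
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def matched_domain(qname: str, watch: Set[str]) -> Optional[str]:
    """Return the watched domain that qname equals or is a subdomain of.

    Normalises case and a trailing dot, and only matches on label boundaries,
    so 'trend-shopping.net.evil-lookalike.com' does not match 'trend-shopping.net'.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watch:
            return candidate
    return None


def hunt(log_text: str, watch: Set[str] = CONFIGURED_DOMAINS) -> List[Dict[str, str]]:
    """Return one hit per log line whose query name falls under a configured domain."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        d = matched_domain(m["qname"], watch)
        if d:
            hits.append({"ts": m["ts"], "src": m["src"], "qname": m["qname"], "domain": d})
    return hits


def suspicious_hosts(hits: List[Dict[str, str]], min_domains: int = 3) -> List[str]:
    """Client hosts that resolved at least min_domains distinct configured domains.

    XLoader rotates through its configured list, so one client touching several
    of these names is a far stronger signal than an isolated lookup, which may
    simply be a decoy that is a legitimate site.
    """
    per_host = defaultdict(set)
    for h in hits:
        per_host[h["src"]].add(h["domain"])
    return sorted(src for src, doms in per_host.items() if len(doms) >= min_domains)


def to_unicode(domain: str) -> str:
    """Show the Unicode form of an IDN (xn--...) name for analyst readability."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # leave malformed punycode as-is


if __name__ == "__main__":
    found = hunt(SAMPLE_DNS_LOG)
    for h in found:
        print(f"{h['ts']} {h['src']} -> {h['qname']} (config domain {h['domain']})")
    print("hosts to triage:", suspicious_hosts(found))
    print("IDN decoy:", to_unicode("xn--z4qv1cr56dk0k.group"))
```

The threshold of three distinct domains is an assumption for the demo; tune it to your beacon interval and log retention. Do not turn this list into a blanket block rule without checking each name, since the decoys are chosen precisely because some of them are sites users legitimately visit.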

Targets

    • Target

      5197fb0ac1eee3ae19fcf6117ea49e9a_JaffaCakes118

    • Size

      252KB

    • MD5

      5197fb0ac1eee3ae19fcf6117ea49e9a

    • SHA1

      465e9c4bc39f867b19f563149247d9fd6236f79b

    • SHA256

      e862c2495e79b33c27fd00a29dda3c22df6796ff8aa7fc6294216a46668f9047

    • SHA512

      816404415eca72d5ad5afec58c82d9d5d63b6abf0e8210abc03121934df8a8f7122ff38db840b779394e5d7400d9085737173014f59243efb79d93320c0cd1d9

    • SSDEEP

      6144:wBlL/cFwRcjA3MgYZhZc/vwcpV7Psk9+MctkOCtnW+aq:CeyqeMgY8vwe7J9+MctyW8

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/wvjzzimk.dll

    • Size

      30KB

    • MD5

      1935d59b15993c7cd94536efaeab6262

    • SHA1

      2074147209d31d3ee234c96c84199e690dc4539d

    • SHA256

      dfe4a2815652d4d3ece8e6f0d2c9cf2a526d2560f779b38fc8dc67182ad7df24

    • SHA512

      bb06a2e81466f1581faa2d39be937315a817ea8c651e9ac4911b496e2dee690de7adbaf5a9ede8fab03ede0934b3b772ec53fe77abc13d00ba474cb2a5915130

    • SSDEEP

      384:rXW1ZONE0cHjOJwEN1EvzS24ZT7//YriYp2xftSnPJstZP8ZcJZxzXecQlxuwJ+M:rG1eE06OJwi24p7Hw/pg2NZcMcCxuy

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • Xloader payload

    • Suspicious use of SetThreadContext
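Two of the behaviour signatures above are worth turning into detection logic. "Loads dropped DLL" with a `$PLUGINSDIR/...dll` path means the sample is an NSIS installer that unpacks a plugin DLL into its temporary plugin directory (normally `%TEMP%\ns<random>.tmp`) and loads it from there. "Suspicious use of SetThreadContext" is the Formbook/XLoader process-hollowing pattern: start a legitimate process suspended, write the payload into it, point the main thread at the new entry point with SetThreadContext, then resume it. The following added example (not part of the Triage report) implements both checks over a constructed, simplified API-call trace whose event schema is assumed for the demo. It requires the full CreateProcess(CREATE_SUSPENDED) → WriteProcessMemory → SetThreadContext → ResumeThread chain against the same child before reporting, so an installer that merely starts a child suspended and resumes it, or a debugger calling SetThreadContext on a thread it did not create, does not fire:

```python
"""Flag the process-hollowing call chain behind "Suspicious use of
SetThreadContext", and DLL loads from an NSIS $PLUGINSDIR.

Added example, not code from the Triage report. The event schema, the trace
and the NSIS path layout below are constructed/assumed for the demo.
"""
import re
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed API trace, one dict per call in execution order.
# "pid" is the caller; "target" is the process the handle/thread belongs to.
TRACE: List[Dict] = [
    {"pid": 1200, "api": "CreateProcessW", "target": 5678,
     "image": "C:\\Windows\\SysWOW64\\svchost.exe", "flags": 0x4},
    {"pid": 1200, "api": "NtUnmapViewOfSection", "target": 5678},
    {"pid": 1200, "api": "WriteProcessMemory", "target": 5678, "size": 0x3d000},
    {"pid": 1200, "api": "WriteProcessMemory", "target": 5678, "size": 0x1000},
    {"pid": 1200, "api": "SetThreadContext", "target": 5678},
    {"pid": 1200, "api": "ResumeThread", "target": 5678},
    # benign: suspended start then resume with no memory tampering (installer-style)
    {"pid": 3000, "api": "CreateProcessW", "target": 7001,
     "image": "C:\\Program Files\\App\\app.exe", "flags": 0x4},
    {"pid": 3000, "api": "ResumeThread", "target": 7001},
    # benign: a debugger adjusting a thread it never created suspended
    {"pid": 4100, "api": "SetThreadContext", "target": 4250},
    # DLL loads by the dropper
    {"pid": 1200, "api": "LdrLoadDll", "target": 1200,
     "path": "C:\\Users\\u\\AppData\\Local\\Temp\\nsa1F3B.tmp\\wvjzzimk.dll"},
    {"pid": 1200, "api": "LdrLoadDll", "target": 1200,
     "path": "C:\\Windows\\System32\\kernel32.dll"},
]

# The chain must appear in this order for one (caller, target) pair.
HOLLOW_CHAIN = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def find_hollowing(events: List[Dict]) -> List[Dict]:
    """Return one finding per child process that went through the full chain."""
    state: Dict[tuple, Dict] = {}  # (caller pid, target pid) -> progress
    findings = []
    for ev in events:
        key = (ev["pid"], ev["target"])
        api = ev["api"]
        if api.startswith("CreateProcess"):
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                state[key] = {"step": 1, "image": ev.get("image", "?")}
            continue
        st = state.get(key)
        if st is None:
            continue  # no suspended child we are tracking for this pair
        if api == HOLLOW_CHAIN[st["step"]]:
            st["step"] += 1
            if st["step"] == len(HOLLOW_CHAIN):
                findings.append({"parent_pid": key[0], "child_pid": key[1],
                                 "image": st["image"]})
                del state[key]
        elif api == "ResumeThread":
            del state[key]  # resumed before write+context: ordinary start-suspended use
        # any other call (e.g. NtUnmapViewOfSection, repeated writes) keeps the state
    return findings


# Assumed NSIS layout: plugins are extracted to %TEMP%\ns<random>.tmp\ and loaded from there.
NSIS_PLUGINSDIR_RE = re.compile(r"\\Temp\\ns[0-9A-Za-z]+\.tmp\\[^\\]+\.dll$", re.IGNORECASE)
LOAD_APIS = ("LdrLoadDll", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW")


def nsis_plugin_loads(events: List[Dict]) -> List[str]:
    """Paths of DLLs loaded from an NSIS plugin directory."""
    return [ev["path"] for ev in events
            if ev["api"] in LOAD_APIS and NSIS_PLUGINSDIR_RE.search(ev.get("path", ""))]


if __name__ == "__main__":
    for f in find_hollowing(TRACE):
        print(f"hollowing: pid {f['parent_pid']} -> child {f['child_pid']} ({f['image']})")
    for p in nsis_plugin_loads(TRACE):
        print("NSIS plugin DLL loaded:", p)
```

The chain matcher deliberately ignores intervening calls such as NtUnmapViewOfSection and repeated WriteProcessMemory calls, which vary between loaders, and keys state on the (caller, target) pair so that two unrelated suspended children do not pollute each other. In a real EDR feed the target would come from resolving the process/thread handle passed to each call.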

MITRE ATT&CK Enterprise v15

Tasks