General

  • Target

    846d3c6c1ce0237c373de8ec0403f0e1_JaffaCakes118

  • Size

    256KB

  • Sample

    240402-frjg6shc8z

  • MD5

    846d3c6c1ce0237c373de8ec0403f0e1

  • SHA1

    06fd0d16804228e0f4b50393f18d78457055a640

  • SHA256

    7946718754bb669d3c7a80e355a20047e3e87dbfa9446927ceb6fabab21847d1

  • SHA512

    d630de0d71fc09327fa09d10304168ef8704e6136f78025ce8420d6c6e048a5d91803e096f8d56c46ea42fc5d3f8cbdb02d5206bb556316b5d78391205419ee0

  • SSDEEP

    6144:F8LxBs4OJ4RU5hy+AoHXCUqalLDsktt54JnzO7eIt:/4acZOXR7xKJzv4

  • Score

    10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nqn4

Decoy

Targets

    • Target

      846d3c6c1ce0237c373de8ec0403f0e1_JaffaCakes118

    • Size

      256KB

    • MD5

      846d3c6c1ce0237c373de8ec0403f0e1

    • SHA1

      06fd0d16804228e0f4b50393f18d78457055a640

    • SHA256

      7946718754bb669d3c7a80e355a20047e3e87dbfa9446927ceb6fabab21847d1

    • SHA512

      d630de0d71fc09327fa09d10304168ef8704e6136f78025ce8420d6c6e048a5d91803e096f8d56c46ea42fc5d3f8cbdb02d5206bb556316b5d78391205419ee0

    • SSDEEP

      6144:F8LxBs4OJ4RU5hy+AoHXCUqalLDsktt54JnzO7eIt:/4acZOXR7xKJzv4

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/envdl.dll

    • Size

      21KB

    • MD5

      4a7f4f8dddc69b711134773bc01482c5

    • SHA1

      7c3e00bfff4bcfaf2ccdce971cd247f7be3cdb0f

    • SHA256

      d12d71c87dbbe93303a1402e368e5e8827d512aa54bae78347077ca468abdbc6

    • SHA512

      19548dd1400535a606c1d6d82f7b9e6c41ecfedbeed269c7e62009f60fff12a96a24c837e8332e31d529b0a81e09e1ac470c1b7b500cc39fccae23cae12b8e2a

    • SSDEEP

      384:jnM0lcYC8SkzLuFhmRWxENbU1UpqrT5JHrqH+OC:jM0+YfSkzLuFjIwW6nHrd

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks