General

  • Target

    c3f2050787e70cc38227bb4489e46865_JaffaCakes118

  • Size

    248KB

  • Sample

    240404-2vtyzacf5x

  • MD5

    c3f2050787e70cc38227bb4489e46865

  • SHA1

    a6c0c399c51172400274049a0c938b9f7ad7411a

  • SHA256

    10012b6185457cc008e74c63602e39ccc862866cfecb5f2ab04b1aa9e9edde9a

  • SHA512

    5474e00a3264a5cfe51c6c5582962888f8fcc8482f423b7e5a69776c89d1de8ece6b2cf2902fe732607272b2006a6bb80a4003a3cba75b36e9628171cdb2f820

  • SSDEEP

    6144:wBlL/cunaDKUurO6gvBUnINSsHOhcUFXjE:CeunaDirO62C1s8TE

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nqn4

Decoy


Targets

    • Target

      c3f2050787e70cc38227bb4489e46865_JaffaCakes118

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/zglbbz.dll

    • Size

      28KB

    • MD5

      2a4a17df7d15fbdd5d79def67aa868c4

    • SHA1

      6f213e4f6c99e9cccc6f885a1fbc208e699bd7c3

    • SHA256

      ce31d179d783748cf50244baf49d5a59643740c16c0fb77253ddf79b9b2b7048

    • SHA512

      c9bfc03e6d92645f90c2a35f5b9b42226c4651f6bdafb4d99236f966e88dba3b8188bc44630f7b73cc7817b26f28ea78b72f016dbb845604ee03f0c96a9a0e8e

    • SSDEEP

      384:g97T95oBiNHxHGEahEewcswd3MevEFmJkkdoiWgAhdiFc5/aD9eBEL2WhYTn3gdh:gdp50G0thEwIevOklfCiy5/RBE6Sr

    Score
    3/10
