General

  • Target

    ba9ca6b65a6e66f291cf4fd3449e0925_JaffaCakes118

  • Size

    251KB

  • Sample

    240404-rpx4bsag48

  • MD5

    ba9ca6b65a6e66f291cf4fd3449e0925

  • SHA1

    2ffb987dcb591655799018dcbdb2d28735a7fae2

  • SHA256

    bb8e1d48225b002a4da7d0c33051e7fc457e244ed610f536b87702439d978a46

  • SHA512

    41f45ae87874995c41e407ea9cca6bf9d98cb5dd3711e116bd51f7cb799e9f75e65420b584dcb9d9e785e028ee1e3b6e93948297dc0df8f4cd4669b0ba6a6352

  • SSDEEP

    6144:wBlL/cwhgl1Tgx26QyVSclufJQvRFc6cRMjWIXSCW0K:CeDW2YuxQvy2SSSCW0K

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rgv6

Decoy


Targets

    • Target

      ba9ca6b65a6e66f291cf4fd3449e0925_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/femlcb.dll

    • Size

      32KB

    • MD5

      88bbe20c95a7e2352df7d65c94d93cf2

    • SHA1

      8c4c321d47545f1f061a87f2bd42d2a6de5b79a2

    • SHA256

      e975fcf3ad5d55c2dfc08191accebee44e4b1b61334851817c11f8676ac664d6

    • SHA512

      08e1dcaa551b4e325fa8fbf77689cc7d8e2ebc04a7d4f8650a25211b45cd8017881ca825ba8c407708a0671eb2712317afbf389c1d3e4c5deccc46290145b8fc

    • SSDEEP

      384:7zrsC2BrZ/Ocfy2Dk20vgddVxTn0NvlXrk6Oh9QZ3Q3aAGVKCwhUgn2Xw3ooY7:7cVVaorT0Nprm9G/whUgnEVR

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks