Resubmissions

05-04-2024 00:07

240405-aecwzafb22 10

05-04-2024 00:04

240405-acmy6aec6x 10

General

  • Target: c56652c543aa599457994e0b14418046_JaffaCakes118
  • Size: 334KB
  • Sample: 240405-aecwzafb22
  • MD5: c56652c543aa599457994e0b14418046
  • SHA1: 690a421aae7729dd2cf74a0e8eb6f80d44e4cde8
  • SHA256: 999238a8a3da6de3dbfe374f917c806b1642eb484e567355c7d1a36387bc53c1
  • SHA512: d03466750db00c37c0705b7536c4b36092f825603695f621dd7063cc0706b52ebff53dc57d8d2c47800d4057e0795f941e743ad88cf112acfaac411f76c47df3
  • SSDEEP: 6144:9qmnA0opofmM66TCiRE06NwEFw1W+lyoTd3N55EPnCEv3OX:cmAJ+JjREl5wZzPOCEfM

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: nqn4

Decoy


Targets

    • Target: doc_0862413890.exe
    • Size: 256KB
    • MD5: 846d3c6c1ce0237c373de8ec0403f0e1
    • SHA1: 06fd0d16804228e0f4b50393f18d78457055a640
    • SHA256: 7946718754bb669d3c7a80e355a20047e3e87dbfa9446927ceb6fabab21847d1
    • SHA512: d630de0d71fc09327fa09d10304168ef8704e6136f78025ce8420d6c6e048a5d91803e096f8d56c46ea42fc5d3f8cbdb02d5206bb556316b5d78391205419ee0
    • SSDEEP: 6144:F8LxBs4OJ4RU5hy+AoHXCUqalLDsktt54JnzO7eIt:/4acZOXR7xKJzv4

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks