Overview

overview

10

Static

static

3

ca68a998d9...18.exe

windows7-x64

10

ca68a998d9...18.exe

windows10-2004-x64

7

$PLUGINSDI...bc.dll

windows7-x64

3

$PLUGINSDI...bc.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca68a998d9ed33841178fd898456fa70_JaffaCakes118

  • Size

    455KB

  • Sample

    240405-epq9kabg3v

  • MD5

    ca68a998d9ed33841178fd898456fa70

  • SHA1

    5bf8490907f77aee7999ac5826a648ac2aaf4a64

  • SHA256

    a16f2d423430943200368f83b9a96afc304d51d94e04559a456491632948799d

  • SHA512

    a2e520583dc489897db757ff113df161e0110e48122f0a5730c742dbd415f454f35dfa458016853268a0e7e0f11cc13a2490249c7a130e53bec34aa999239d6c

  • SSDEEP

    6144:VBlL/ykSl843lwnJnokuEQHV1i2OXiBa+vt8IL3AoEAS/IYWdPupQ9p3h/5PFXnN:DxSll2JQEQXxOgvRwoEJ2dWpUx/5PD

Score
10/10
xloaderb2c0loaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

Targets

    • Target

      ca68a998d9ed33841178fd898456fa70_JaffaCakes118

    • Size

      455KB

    • MD5

      ca68a998d9ed33841178fd898456fa70

    • SHA1

      5bf8490907f77aee7999ac5826a648ac2aaf4a64

    • SHA256

      a16f2d423430943200368f83b9a96afc304d51d94e04559a456491632948799d

    • SHA512

      a2e520583dc489897db757ff113df161e0110e48122f0a5730c742dbd415f454f35dfa458016853268a0e7e0f11cc13a2490249c7a130e53bec34aa999239d6c

    • SSDEEP

      6144:VBlL/ykSl843lwnJnokuEQHV1i2OXiBa+vt8IL3AoEAS/IYWdPupQ9p3h/5PFXnN:DxSll2JQEQXxOgvRwoEJ2dWpUx/5PD

    Score
    10/10
    xloaderb2c0loaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/vimwjoytbc.dll

    • Size

      24KB

    • MD5

      59d48d07a4dff9490eb5080e52b3fef5

    • SHA1

      6d7c3b754b744554e9397efd4c2529455abbddd7

    • SHA256

      63a1932abbb4a08a4c7e1d250433598fdf71f50be2686c9f4a420b57c9239f38

    • SHA512

      c58555e0a3fe97bfad6909d1ce7ecfafdca13c0936ca12adfb67cc9707a629c15bb617e03c32adcbad299d8c35a7def50003b0159cb73155b4d53c9edb2df8b0

    • SSDEEP

      384:Mreew0hDTd6lzQk+L1ukTnZs3T8XjA4gOx9EqsbrpP+AMeg:0wId6J41u0n6D8Xdw/r3M

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Tasks