General

  • Target

    0b0d8df4742469c74d327bdae0f3490f_JaffaCakes118

  • Size

    922KB

  • Sample

    240624-2ps5gswcqd

  • MD5

    0b0d8df4742469c74d327bdae0f3490f

  • SHA1

    808e2879bddd5ba17b5397a25281820edceae745

  • SHA256

    6acad13221b8e15e7d5bcd3f3705c8da7751550bc6e6bf42fc23d17d0eda1a50

  • SHA512

    b55198c32af5fd16d06fe024eb896df1d79d7d0edacc49834a5c0afb0c344434b3d9666acc4215d40bfe6f71bf85bee434e6f3deda7c9d67a1a69b3a05ed4305

  • SSDEEP

    3072:BBkfJpRXATwMdFCct+bYGTHbzgxXCXBMz8sfUKVIbzqMmLNer0ABJEREhwBCkXx1:BqjIQYGzghO3Ol68LMJQLHhTbt

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

9bwn

Decoy

italiancoastal.com

shareandfit.com

ibexacademia.com

guejek.com

vitalbizdev.com

connemaracomputers.com

surf-livre.com

styleforwoman.com

costcopaysecure.com

kingdomandqueendom.com

www-societegenerale.com

radiokerbfm.com

marylandstars.net

thechampionsday.com

beertenderb95.com

iybbshop.com

maglex.info

vh3g.asia

zaairobot.online

ryderhydros.com

Targets

    • Target

      Consignment Document PL&BL Draft.exe

    • Size

      330KB

    • MD5

      0b1f9847d93445c91cdfe0c2dd6785c7

    • SHA1

      198b30e2b098300ec51e2e7029ababff142a5e09

    • SHA256

      e92125c96b4bee95fd7b70d867271510071f812699733de75dd5e64636030314

    • SHA512

      1adaa0879bd697ba972fabe8c5407bbf8bf16ea6b55cfbdffd42128174d9f1d8ebe1444a927d0b2ae376563d927467599dfe4e254b096e0f55a5b810ff46fcc1

    • SSDEEP

      3072:NBkfJpRXATwMdFCct+bYGTHbzgxXCXBMz8sfUKVIbzqMmLNer0ABJEREhwBCkXx1:NqjIQYGzghO3Ol68LMJQLHhTbt

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    • Target

      yrcvb.dll

    • Size

      11KB

    • MD5

      8d80a618809cc8ce5970b0839f0e2b5a

    • SHA1

      34af09ca5aa646debe4d2bd06fd5b3c3b7a43b09

    • SHA256

      f4163107f632e0b431c38652eb297733f4f01d37576100673a47370da9221159

    • SHA512

      21bfab7002044c7b33d99de355b49357ae5c45c8781ae080a906c091621ab55e39444e3ecfe04345022ab214dd50f38df0387a3386e0442312cc614bc8b397bf

    • SSDEEP

      192:s6/In3h0bUe1nJBmKESoXIIbzuStOiKazVWGUwkcU:s6ax0B1nJBbxojuStORazsV

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks