General

  • Target: 92c3d7e0f19c725646dc759eeb4c36e0_JaffaCakes118
  • Size: 1.2MB
  • Sample: 240813-mz8klathkr
  • MD5: 92c3d7e0f19c725646dc759eeb4c36e0
  • SHA1: f8c06791ecd35bb386c8a290c5f12eb02dc68c0f
  • SHA256: 6cef6976c4f45e3d2f0fc181f4efdf9850dd260bc89367ea2dbacad087ba34d3
  • SHA512: e0c94dd2887063a8306bc285a91aac477ab47b18dda3c6f74f3ac6187b438b9600efdde244d0327fd2889f09cd32e9cddead72e4dffd558d0da676608ed4c4cb
  • SSDEEP: 6144:Jx/MLiVFI8E2SO1l/oZzHACNIrl9F6G+WIEarFV:f1o8E2Scl4HMp9FzI9f

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: r8pp

Decoy


Targets

    • Target: shed.exe
    • Size: 295KB
    • MD5: c8b318ed16d918943d2fa406840738c4
    • SHA1: a61153eae1a7aee1ee57128f3f7284ed6592af30
    • SHA256: ad855c55e13ef5274a20805a3836b508c29cae12d0a2de2807aed08ed4090ddd
    • SHA512: dbe2be95fc13c607e81093ed4da10418a8d3b761a2c38179f3a5045fd2509d3c0e3b0ee589a55f3c8691d99ab2e48bc9575b60d1a26b391fd4b6e6a59e1acc31
    • SSDEEP: 6144:Gx/MLiVFI8E2SO1l/oZzHACNIrl9F6G+WIEarFVr:61o8E2Scl4HMp9FzI9fr
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Deletes itself
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: fccff8cb7a1067e23fd2e2b63971a8e1
    • SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
    • SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
    • SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
    • SSDEEP: 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
    • Score: 3/10

    • Target: d4xd.dll
    • Size: 10KB
    • MD5: cc531db3ae7d662a2054f787c038762d
    • SHA1: 5f87a3836db1886d07a0d480cb7b72d89672d36a
    • SHA256: 9ca23ee06a0d89ba6a9b18bce1e3a7d94bf987df10234d2890d5e860d8a2790a
    • SHA512: e01ddaadf0efb4f4ec556e9882d02a51666a5cef118ec617f42c75bf80abb8566a6393fd6899fc76c9537eb66ef2c081fb5eec13f13bdc2a2ee74bd1b34d5632
    • SSDEEP: 192:w1fC8d6aoXnsYIx694C+SX/FOGXyCp2X+7FTpxRkSZDm:SC+6tyQj+SXtHFpLFTpxb
    • Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks