General

  • Target

    9609200e202f371c2e981de8674c0374_JaffaCakes118

  • Size

    210KB

  • Sample

    240814-n97xgswcln

  • MD5

    9609200e202f371c2e981de8674c0374

  • SHA1

    7918b9b64dad3139f8b19658ab08407102c0ab38

  • SHA256

    149bc7bb666f2eabcf946822bd316709ddeeef787f059687415f98c71ad47783

  • SHA512

    1e3c7ef62291f7d5a067086d0308e9e9d85ab3904d7303b269d2b4b70998ca75795e7289277426da28af0bfef16b3fabe42175626e3123dd1d28e4256a6f9506

  • SSDEEP

    3072:4BkfJpRXATwMdFCcCbjmmLYLRX25u3foM5AQcbcKfC3icbsaLaLVMsObC6Rt:4qjI2JU6mAQ9RbjLeMsO5t

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ivay

Decoy

b4ukid.com

missioncontrol2030.com

chriswhitefoto.com

guepard-marine.com

getlauded.com

jingdonglm.com

clintlove.com

boldstrategicmedia.com

bluebay3dwdmall.com

aishag.com

forexexpoaward.com

basslakedisposal.com

bukannyaterbuai36.com

learntrhc.com

cancunpolo.com

case-cornershop.com

tahiticomplementos.com

dashanzhf.com

wholeholistichealth.com

inass-yassin.com

Targets

    • Target

      9609200e202f371c2e981de8674c0374_JaffaCakes118

    • Size

      210KB

    • MD5

      9609200e202f371c2e981de8674c0374

    • SHA1

      7918b9b64dad3139f8b19658ab08407102c0ab38

    • SHA256

      149bc7bb666f2eabcf946822bd316709ddeeef787f059687415f98c71ad47783

    • SHA512

      1e3c7ef62291f7d5a067086d0308e9e9d85ab3904d7303b269d2b4b70998ca75795e7289277426da28af0bfef16b3fabe42175626e3123dd1d28e4256a6f9506

    • SSDEEP

      3072:4BkfJpRXATwMdFCcCbjmmLYLRX25u3foM5AQcbcKfC3icbsaLaLVMsObC6Rt:4qjI2JU6mAQ9RbjLeMsO5t

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

      An Xloader payload was identified; the Family, Version, Campaign and Decoy fields above were recovered from its configuration.

    • Loads dropped DLL

      The sample loads DLLs it wrote to disk itself; the $PLUGINSDIR/System.dll and rva11.dll entries below are the dropped files that were analysed as separate targets.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's register state and is the usual way to redirect a (typically suspended) thread into injected code, as in process hollowing or thread hijacking.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    • Target

      rva11.dll

    • Size

      11KB

    • MD5

      188990101a629d59f5435a64c19b655e

    • SHA1

      c8fc89b69858fceeeb4f78a3d20cee3f6a0beb42

    • SHA256

      755ea4c08bae90f85e93cea3865580400c5dd9fe238dde5c59dfd893dcecf4f4

    • SHA512

      1e0f096551159532ad4d773639792841710c48eacca02b46c05be2c90e1e6b3f87470a3a379461694ffdfbe76509f1f7876f5c045d4bcee250e5905632506597

    • SSDEEP

      192:LbJZqY7dW36qTJPHjd9kAlndYFzLVaAVNQdIHG2SRUt7:SRqYPHjjdndUzLVhcRY7

    Score
    3/10
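Two practitioner notes on the data above, followed by an added example that is not part of the sandbox report or of any Xloader tooling. First, the domains under Decoy are, as the label says, cover traffic: Xloader/Formbook configurations carry a list of mostly legitimate domains that receive the same beacons as the real C2, so they are context for the ivay campaign, not a blocklist. Second, $PLUGINSDIR is where an NSIS installer unpacks its plug-ins, and System.dll is NSIS's stock System plug-in (Win32 calls from installer script), which is why it scores 3/10 on its own; rva11.dll is the other 11KB DLL the installer drops. The script below takes the hash fields exactly as they appear on this page (copied into the REPORT dict, which is constructed here), checks they are well-formed before anyone pastes them into a blocklist or hunt, and reimplements the ssdeep comparison in pure Python so the report's fuzzy hashes can be compared to each other or to your own without the binaries or the ssdeep library. It shows why the two 11KB DLLs do not cluster with each other (no shared 7-gram) and why neither can be compared with the 210KB dropper at all (block size 3072 is neither equal to nor double 192).

```python
"""Added example: validate a sandbox report's hash fields and compare its ssdeep values offline."""
import re

SPAMSUM_LENGTH = 64      # maximum length of each ssdeep hash part
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7       # ssdeep refuses to score two parts with no common 7-gram
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed from the report fields on this page (verbatim copies).
REPORT = {
    "9609200e202f371c2e981de8674c0374_JaffaCakes118": {
        "md5": "9609200e202f371c2e981de8674c0374",
        "sha1": "7918b9b64dad3139f8b19658ab08407102c0ab38",
        "sha256": "149bc7bb666f2eabcf946822bd316709ddeeef787f059687415f98c71ad47783",
        "ssdeep": "3072:4BkfJpRXATwMdFCcCbjmmLYLRX25u3foM5AQcbcKfC3icbsaLaLVMsObC6Rt:4qjI2JU6mAQ9RbjLeMsO5t",
    },
    "$PLUGINSDIR/System.dll": {
        "md5": "fccff8cb7a1067e23fd2e2b63971a8e1",
        "sha1": "30e2a9e137c1223a78a0f7b0bf96a1c361976d91",
        "sha256": "6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e",
        "ssdeep": "192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4",
    },
    "rva11.dll": {
        "md5": "188990101a629d59f5435a64c19b655e",
        "sha1": "c8fc89b69858fceeeb4f78a3d20cee3f6a0beb42",
        "sha256": "755ea4c08bae90f85e93cea3865580400c5dd9fe238dde5c59dfd893dcecf4f4",
        "ssdeep": "192:LbJZqY7dW36qTJPHjd9kAlndYFzLVaAVNQdIHG2SRUt7:SRqYPHjjdndUzLVhcRY7",
    },
}


def valid_hash(kind, value):
    """Transcription check: hex of exactly the digest length (case-insensitive)."""
    return re.fullmatch(rf"[0-9a-f]{{{HEX_LEN[kind]}}}", value.lower()) is not None


def parse_ssdeep(sig):
    """'blocksize:part1:part2' -> (int, str, str); ValueError if malformed."""
    parts = sig.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"malformed ssdeep signature: {sig!r}")
    return int(parts[0]), parts[1], parts[2]


def _squash(s):
    # ssdeep collapses runs longer than 3 of one character before comparing
    return re.sub(r"(.)\1{3,}", r"\1\1\1", s)


def _has_common_7gram(a, b):
    grams = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in grams for i in range(len(b) - ROLLING_WINDOW + 1))


def _edit_distance(a, b):
    # ssdeep's weighting: insert/delete cost 1, substitution cost 2
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def _score(a, b, block_size):
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH or not _has_common_7gram(a, b):
        return 0
    score = _edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 * score // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    # small block sizes carry little information, so ssdeep caps the score
    return min(100 - score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def ssdeep_compare(sig1, sig2):
    """0..100 similarity following the ssdeep comparison algorithm; 0 if block sizes are incompatible."""
    bs1, a1, a2 = parse_ssdeep(sig1)
    bs2, b1, b2 = parse_ssdeep(sig2)
    if bs1 != bs2 and bs1 != 2 * bs2 and bs2 != 2 * bs1:
        return 0
    a1, a2, b1, b2 = map(_squash, (a1, a2, b1, b2))
    if bs1 == bs2:
        if a1 == b1 and a2 == b2:
            return 100
        return max(_score(a1, b1, bs1), _score(a2, b2, 2 * bs1))
    if bs1 == 2 * bs2:
        return _score(a1, b2, bs1)
    return _score(a2, b1, bs2)


def check_report(report):
    """Return a list of malformed hash fields (empty list means every field is well-formed)."""
    problems = []
    for name, fields in report.items():
        problems += [f"{name}: bad {k}" for k in HEX_LEN if k in fields and not valid_hash(k, fields[k])]
        try:
            parse_ssdeep(fields["ssdeep"])
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    return problems


def cluster(report):
    """Pairwise ssdeep scores for every pair of files in the report."""
    names = list(report)
    return {(a, b): ssdeep_compare(report[a]["ssdeep"], report[b]["ssdeep"])
            for i, a in enumerate(names) for b in names[i + 1:]}


if __name__ == "__main__":
    print("hash problems:", check_report(REPORT) or "none")
    for (a, b), score in cluster(REPORT).items():
        print(f"{a} vs {b}: {score}")
```

Use `ssdeep_compare` against the fuzzy hash of a file you are holding to see whether it is a close relative of one of these three; a compatible block size is a prerequisite, so a hash with block size 192 can only ever be compared against the two DLLs, never against the dropper.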

MITRE ATT&CK Enterprise v15
