General

  • Target

    adc061ae7d0c3e314551eb5d19102abc_JaffaCakes118

  • Size

    288KB

  • Sample

    240820-eam9cssbla

  • MD5

    adc061ae7d0c3e314551eb5d19102abc

  • SHA1

    1b714f68260af3dc9d41d6b2341a1e9b5c711aad

  • SHA256

    011d8eb0651ac5abaf961f5ac9d820aaf6b097090d7aed4c23243bba22aab598

  • SHA512

    cf7e2de87823c07fdeaec37d78fdcac595c65b3986492c129b7537221747bad90d76be2380fe90665362dbbe1acda16de37a8898e7f2f753b110f358279d347a

  • SSDEEP

    6144:tx/MDhXmawdvJQpBQ60U0BpYgbgO+Kl9GPl8:DDawdvRjuKOPi

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

feaw

Decoy

fiber.rentals

escuchatucuento.com

sieteactos.com

sacredconnexions.store

singaporefoodfactory.com

kingbet188.info

archja.com

hofisa.com

belobog.com

smdyw8.com

audi-englewood.com

passyunkpods.com

ajibean.com

paranouille.ovh

yorkmountainwinery.com

viewhomesinnorcal.com

worldwideexpat.com

always-fresh-matters.com

casaespiritaalankardec.com

artofgreatlife.com
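The two checks an analyst usually runs against a report like this are (a) confirming that the file in hand is really the sample the report describes, by recomputing its digests against the "General" section, and (b) sweeping DNS or proxy logs for the extracted domain list. The script below is an added example, not part of the sandbox report or of any vendor tooling. It copies the hashes and decoy list from the report into Python constants, uses an empty byte string as a stand-in for a file under test, and matches a constructed DNS log (the log format and client addresses are assumptions for illustration). Because Formbook/Xloader configs hide the live C2 among decoys, a single domain hit is weak evidence; the script therefore also reports clients that contacted several listed domains, which is the stronger beaconing signal.

```python
"""IOC checks for the Xloader report above (added example, not the report's own code)."""
import hashlib
import re

# Digests copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "adc061ae7d0c3e314551eb5d19102abc",
    "sha1": "1b714f68260af3dc9d41d6b2341a1e9b5c711aad",
    "sha256": "011d8eb0651ac5abaf961f5ac9d820aaf6b097090d7aed4c23243bba22aab598",
    "sha512": "cf7e2de87823c07fdeaec37d78fdcac595c65b3986492c129b7537221747bad9"
              "0d76be2380fe90665362dbbe1acda16de37a8898e7f2f753b110f358279d347a",
}

# Domain list from the extracted config. Only one is the live C2; the rest are decoys.
DECOY_DOMAINS = [
    "fiber.rentals", "escuchatucuento.com", "sieteactos.com", "sacredconnexions.store",
    "singaporefoodfactory.com", "kingbet188.info", "archja.com", "hofisa.com",
    "belobog.com", "smdyw8.com", "audi-englewood.com", "passyunkpods.com",
    "ajibean.com", "paranouille.ovh", "yorkmountainwinery.com", "viewhomesinnorcal.com",
    "worldwideexpat.com", "always-fresh-matters.com", "casaespiritaalankardec.com",
    "artofgreatlife.com",
]

# Constructed DNS log lines (assumed format: "<timestamp> <client> query <qname>").
SAMPLE_DNS_LOG = [
    "2024-08-20T14:02:11Z 10.1.4.23 query www.hofisa.com.",
    "2024-08-20T14:02:12Z 10.1.4.23 query kingbet188.info",
    "2024-08-20T14:02:13Z 10.1.4.23 query example.org",
    "2024-08-20T14:02:14Z 10.1.4.88 query notsmdyw8.com",   # suffix lookalike, must not match
    "2024-08-20T14:02:15Z 10.1.4.88 query archja.com",
]

_LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)")


def verify_hashes(data: bytes, expected: dict) -> list:
    """Return the algorithms whose digest of `data` does NOT match `expected`.

    An empty list means the file is the one the report describes.
    """
    mismatches = []
    for algo, digest in expected.items():
        if hashlib.new(algo, data).hexdigest() != digest.lower():
            mismatches.append(algo)
    return mismatches


def _normalise(domain: str) -> str:
    return domain.rstrip(".").lower()


def match_dns_log(lines, domains) -> list:
    """Return (timestamp, client, listed_domain) for each query that equals or is a
    subdomain of a listed domain. Matching walks the labels, so www.hofisa.com hits
    hofisa.com but notsmdyw8.com does not hit smdyw8.com."""
    wanted = {_normalise(d) for d in domains}
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        labels = _normalise(m.group("qname")).split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in wanted:
                hits.append((m.group("ts"), m.group("client"), candidate))
                break
    return hits


def suspicious_clients(hits, threshold: int = 2) -> list:
    """Clients that queried at least `threshold` distinct listed domains.

    Formbook/Xloader beacons to several config domains, so multi-domain contact
    from one host is far more indicative than a single decoy hit.
    """
    per_client = {}
    for _ts, client, domain in hits:
        per_client.setdefault(client, set()).add(domain)
    return sorted(c for c, doms in per_client.items() if len(doms) >= threshold)


if __name__ == "__main__":
    print("hash mismatches for empty file:", verify_hashes(b"", REPORT_HASHES))
    found = match_dns_log(SAMPLE_DNS_LOG, DECOY_DOMAINS)
    for hit in found:
        print("hit:", hit)
    print("clients touching >=2 listed domains:", suspicious_clients(found))
```

To use it on a real file, replace the empty byte string with `open(path, "rb").read()`; any algorithm name returned by `verify_hashes` means the file differs from the reported sample and the rest of the report should not be assumed to apply.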

Targets

    • Target

      2021FI30005.exe

    • Size

      226KB

    • MD5

      aaeb4ca48de2f02e82a7073f5b7845d3

    • SHA1

      fe42b6a380d09d09ca116730b167bad2ab642d82

    • SHA256

      77353f06427f5e7d0e4c28e4d5690700a2cf6789edc0f9c51682dd20bb65bf78

    • SHA512

      5e703cb507a7436b404b212fd46ae7a2c9bc935aee5f993c04bd8bc594700350016801ca957015614769c80d3a2ab80a52b7e6a08e7f8c146a01696e55259b20

    • SSDEEP

      6144:yx/MDhXmawdvJQpBQ60U0BpYgbgO+Kl9GPl8f:2DawdvRjuKOPif

    • Xloader

      Xloader is the rebranded successor of the Formbook infostealer. The extracted config above (version, campaign ID and domain list) follows Formbook's layout, in which the live C2 is hidden among decoy domains, so no single listed domain is a reliable indicator on its own.

    • Xloader payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (redirecting another thread's execution, a common process-injection indicator)

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    • Target

      3qk9.dll

    • Size

      10KB

    • MD5

      8f9290de28c93e280c387b72adf45543

    • SHA1

      305b45d1ca5d6de308cdc76796548a04ec677a98

    • SHA256

      75597e1e381141f1606bf96c2b7a6c5b7eb1fa3ea65e37152bdb305155776192

    • SHA512

      7c4694b53e8ad79fc78d5044528026ca3d000434a8b0121b89bfc1335c97b0a242774ed4d96b7a777fd65f034ef1a18d656dbe27967d616157912afe372a49db

    • SSDEEP

      192:WlnU0vJoAyHzUrI95m2XaM4GGI2gcfo+wZjmqT/:WlFyTUQ5m2K1GPHcDvc

    Score
    3/10

MITRE ATT&CK Enterprise v15