General

  • Target

    f8096c1b1e3cc83ecdcc58539d6b643e_JaffaCakes118

  • Size

    498KB

  • Sample

    240926-k5ehlaydnl

  • MD5

    f8096c1b1e3cc83ecdcc58539d6b643e

  • SHA1

    64ef2b5a72a1cce92fdf5f546fe8943ca1f6d365

  • SHA256

    85b20b341d86b43b4da52abf6a661f16ff07cf2f3b8701689fedcc3e036bd1a4

  • SHA512

    852c224be6cc7a85f4c5427cb607337ccf1f7a35806e68e1969e942b4679720475d21f79da4715cf1a9d40d4acc039dee88724f4f0aa967ac69aac465062e8b1

  • SSDEEP

    12288:uoebB2KGrAPC0NrqX+zFBbE5A70lwJM75ANl1:ObB2cC0Nr8G8A7wt75AN/

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u86g

Decoy

4tnoxrox.com

ff130.com

grapevinecrisiscare.com

system91.com

blondedocfabprivacypolicy.com

amphorabeverageservices.com

cvacity.info

cbghemppills.com

iowaconcertofhope.com

theilerablog.com

bg1133.com

jenniferkristinphotography.com

wnj.xyz

khdoctor.com

mittelstandsgestaltung.com

mimikis.info

my-data.pro

nativesonlabs.com

thelincmagazine.com

dsfrederick.com

Targets

    • Target

      MAERSK Shipping Information_Pdf.exe

    • Size

      570KB

    • MD5

      457b46b043654c58320fcde48282b9f6

    • SHA1

      74d83159033ac73479c21b8b0194fe92fd3e49dd

    • SHA256

      201436245bc7a5ccba11660b260ae4361b26b2e4a301491c4f2b319f8eeb9122

    • SHA512

      92b68cd4188b2e5f357a37e9c16d1dbc0f95b238127c7ce5d08f47add2e864a6b7892181bc20fffedf43f6fde23261a7e05c864314720f58c20e81c77811784e

    • SSDEEP

      12288:Nvln7HTM17QPFy4XEcHcMcZmf2SIMt+/gO40m2i9rwgLXWHCM2K4C:nUCxUacrZ1/gOLC9rl13C

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext
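The extracted config and the two SHA256 values above are the actionable part of this report. The following Python is an added example (not part of the sandbox report or the Xloader/Formbook code) that turns them into detection logic: a hash lookup for the dropped and parent files, and a DNS check that does not alert on a single hit against the config domains but on a burst of several of them from one host, because Formbook/Xloader mixes legitimate decoy sites into its config and contacts them alongside the real C2. The domains and hashes are copied from the report; the DNS log lines, the host names, the five-minute window and the three-domain threshold are constructed assumptions for illustration.

```python
"""Turn the Xloader 2.3 (campaign u86g) config above into detection logic.

Added example, not part of the sandbox report: hashes and decoy domains are
copied from the report; DNS log lines, window and threshold are constructed.
"""
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Extracted config, as listed in the report.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "campaign": "u86g",
    "decoy_domains": {
        "4tnoxrox.com", "ff130.com", "grapevinecrisiscare.com", "system91.com",
        "blondedocfabprivacypolicy.com", "amphorabeverageservices.com",
        "cvacity.info", "cbghemppills.com", "iowaconcertofhope.com",
        "theilerablog.com", "bg1133.com", "jenniferkristinphotography.com",
        "wnj.xyz", "khdoctor.com", "mittelstandsgestaltung.com", "mimikis.info",
        "my-data.pro", "nativesonlabs.com", "thelincmagazine.com",
        "dsfrederick.com",
    },
}

# SHA256 -> file name, from the General and Targets sections of the report.
KNOWN_SHA256 = {
    "85b20b341d86b43b4da52abf6a661f16ff07cf2f3b8701689fedcc3e036bd1a4":
        "f8096c1b1e3cc83ecdcc58539d6b643e_JaffaCakes118",
    "201436245bc7a5ccba11660b260ae4361b26b2e4a301491c4f2b319f8eeb9122":
        "MAERSK Shipping Information_Pdf.exe",
}

# Constructed DNS log (not real telemetry): "<timestamp> <host> <queried name>".
DNS_LOG = """\
2024-09-26T10:05:01Z ws-finance-07 4tnoxrox.com
2024-09-26T10:05:03Z ws-finance-07 www.ff130.com
2024-09-26T10:05:04Z ws-finance-07 update.microsoft.com
2024-09-26T10:05:06Z ws-finance-07 system91.com
2024-09-26T10:05:09Z ws-finance-07 khdoctor.com
2024-09-26T11:40:00Z ws-hr-02 grapevinecrisiscare.com
2024-09-26T14:12:30Z ws-hr-02 theilerablog.com
"""


def check_sha256(data: bytes):
    """Return the report's file name if `data` hashes to a known sample, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


def match_config_domain(qname: str):
    """Return the config domain that `qname` equals or is a subdomain of, else None."""
    qname = qname.lower().rstrip(".")
    for domain in XLOADER_CONFIG["decoy_domains"]:
        if qname == domain or qname.endswith("." + domain):
            return domain
    return None


def parse_dns_log(text: str):
    """Parse the constructed log format into (timestamp, host, qname) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, qname = line.split()
        # Python < 3.11 rejects a trailing 'Z' in fromisoformat, so strip it.
        events.append((datetime.fromisoformat(ts.rstrip("Z")), host, qname))
    return events


def find_decoy_beaconing(events, window=timedelta(minutes=5), min_domains=3):
    """Hosts that resolve >= min_domains distinct config domains within `window`.

    A single hit on one of these domains is weak evidence: the config pads the
    real C2 with legitimate decoy sites and the bot contacts them together, so
    the signal is the burst of several of them from one host in a short window.
    Returns {host: sorted list of config domains seen in triggering windows}.
    """
    per_host = defaultdict(list)
    for ts, host, qname in events:
        domain = match_config_domain(qname)
        if domain:
            per_host[host].append((ts, domain))

    alerts = {}
    for host, hits in per_host.items():
        hits.sort()  # ascending by timestamp
        flagged = set()
        for i, (ts, _) in enumerate(hits):
            # Distinct config domains in the trailing window ending at this hit.
            in_window = {d for t, d in hits[: i + 1] if ts - t <= window}
            if len(in_window) >= min_domains:
                flagged |= in_window
        if flagged:
            alerts[host] = sorted(flagged)
    return alerts


if __name__ == "__main__":
    for host, domains in find_decoy_beaconing(parse_dns_log(DNS_LOG)).items():
        print(f"{host}: {len(domains)} config domains in one window -> {domains}")
    print("hash match:", check_sha256(b"not one of the samples"))
```

With the constructed log, ws-finance-07 resolves four config domains within eight seconds and is flagged, while ws-hr-02 touches two of them hours apart and is not. Tune the window and threshold to the beaconing interval you observe; the hash check is exact-match only, so a repacked build of the same campaign needs the config-based check, not the hashes.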

MITRE ATT&CK Enterprise v15

Tasks