General

  • Target

    ff397e1e4722dba8ae3c8242380f7062_JaffaCakes118

  • Size

    569KB

  • Sample

    240929-ylhb2axfjq

  • MD5

    ff397e1e4722dba8ae3c8242380f7062

  • SHA1

    7a818469c2e889c030f59685aa6b424245f3c2ad

  • SHA256

    694117b21c4400edfe53b8d129cc2cdbd3cfbacb64aea3d2149dd43deb69b6b1

  • SHA512

    9da58f585342f29e9d336f4a4b59f5c6f4d53651e27563c551fe9973e350d2586b7ff28ebd94fd8161b8ab8f40d165d22e4a6b9f57c0626ecf48c57521b0e340

  • SSDEEP

    12288:aSZNW1cv0iiJS5cFsFSHli/cTSFep+dqF/nLdu8kbB7+lIoCWNc7:aKdrb5EsIHUFe7nxKNSlva7

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    bu2n

  • Decoy

    vacuummates.com
    orderladolcevita.com
    sumopub.net
    adamerico.com
    royalesalon.com
    deardealta.com
    bostonm.info
    eugenfischer.net
    xn--ah-ska.com
    mahirgyan.com
    termogenicodicas.com
    safaacn.com
    honeystreetdigital.com
    taylorscontruction.com
    incontrol-co.com
    smtp0769.com
    distinguishedcavalry.life
    inthehillsinc.com
    concordarabuluculuk.xyz
    persommwine.com

Targets

    • Target

      RFQ_2345.exe

    • Size

      789KB

    • MD5

      3b5d2404cde0045707b58adc2eada0bc

    • SHA1

      8b6885cc398d14d264c35064da5f5c7a1563b6b5

    • SHA256

      3cd1e0124a1fd0d922c432d01e909479692e7133dc1b33b739e7b9701b03444d

    • SHA512

      b6bf4dfd354de57ffdf697dbfe97e24a3ed08ad8d1ffe7297415a994e803aef0aed9ce6afa74e823ce4517edfa816d22f95460e1f085d587f3ebcf1c4d94ca10

    • SSDEEP

      12288:fwBQSnZl+lZbAy/TYTXSNwRzli/cTSxep+dqQSnL/u8kbW7+lIBkcLxElV6iQQR1:fw18bHTcXSedUxeXnzKCSlmkmxEbP

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks