General

  • Target: c62a556b445ff8cf1b9e0b038a13137e_JaffaCakes118

  • Size: 344KB

  • Sample: 240405-a116pafg72

  • MD5: c62a556b445ff8cf1b9e0b038a13137e

  • SHA1: 7fefc1609a4e66d234abb47a1536857317bdb31b

  • SHA256: 4b3af4ebfe94ecb1730c15620080935f619b6592fad681921968f986c030c0c3

  • SHA512: c372806da30c98b047d46f8e70cce90f93829fe484ff5eb49354bd132a846ff126ea4c7024e5fae8de60c96117d940ea4fe2d6c783c67987354c7eee99c4638e

  • SSDEEP: 6144:RGvSgMkhBRG37a+v4HASv6MqvbQfkjQS3MhZg2+UZ295OiPd9QcEJ4m1x7:FSBk3e/v6MqvGBSo+A29siF3

Score
10/10

Malware Config

Extracted

  • Family: xloader

  • Version: 2.5

  • Campaign: ef6c

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
