General

  • Target: d5e15de49142f442f0932e1f0634675b_JaffaCakes118
  • Size: 478KB
  • Sample: 240405-rgbv5aeb2y
  • MD5: d5e15de49142f442f0932e1f0634675b
  • SHA1: 1e7a8c6b4c80f75ecee044a01ad5765de9f0f78f
  • SHA256: 10a96288de8785786b009b94ee858093999c9b690991474b95455192b7622e0b
  • SHA512: fe5e7b39628f9e57850c8ce2eb410799bb65efeb0ab70c8824c5b72f2e82649880fed1b3d64dbd23eb552a0c037272a4305b71d7ef17b64ea4dfbb44437f01e2
  • SSDEEP: 12288:DecAHyoOkNapEasXE8Q/Zd4+Fij+3G1x3DqumR9+LVizg1/X8dm6at1wuWpTx3ii:DeuaRnmRiV7pGGEj

Score
10/10

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: ef6c

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks