General

  • Target

    e6d4647120718672e95e07913988ace9_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240408-g56ejaaf86

  • MD5

    e6d4647120718672e95e07913988ace9

  • SHA1

    245239c43c3146ee41de1f46528cea3f26f1a6b0

  • SHA256

    b61e941f98080f431ec35c165703e2d18957fcc2b386286eeaa7a274ded8e0b3

  • SHA512

    6af5c0f30a1813bca04216f04bf370f2ce008353fbb31f250aace6007fe29f959eb82f046b8ae3ee131d580f8af8d15174f427782c3175f35d99ee0503e517eb

  • SSDEEP

    12288:PxU4yNKC3L//TuZErIbjSmoXE2luLHPKHW2kQQStKe41OexZnyV+:P+HKSLKZHbVoX3uLHPKW7/

Score: 10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

Decoy

Targets

    • Target

      e6d4647120718672e95e07913988ace9_JaffaCakes118

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
