General

  • Target: ec1b280b8817840e6017001c5acc34a4_JaffaCakes118
  • Size: 435KB
  • Sample: 240410-15zrjacg97
  • MD5: ec1b280b8817840e6017001c5acc34a4
  • SHA1: d1585206865b96a6a52f8ac28834eab734e161c6
  • SHA256: bbb043c99649e90f8e609d3e1159c20a75f2f41b259f9a51d9f105157e7284ca
  • SHA512: 1062a6d3e263c9a98bde6b90460bf6ae72ce42e8efee3e845987405af1428454b177e0ef4aa654180429d01d4caf4021648928067e73ce51a89eaeec48e0d60e
  • SSDEEP: 6144:cF0pF7wmGJOJIQxDz4GL5cKCdWWUpXYHLhU+l4bEzOErxGY6rIEamFbl4VY:K0pF7wmGJOJ14GL5CU9qLKA4bjEYMy

Score: 10/10

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: ef6c
Decoy:


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
