General

  • Target

    ec16f3d1dca8c3c8366286559ae37eb3_JaffaCakes118

  • Size

    406KB

  • Sample

    240410-1y6lhafg6y

  • MD5

    ec16f3d1dca8c3c8366286559ae37eb3

  • SHA1

    ee17fabc52414bba3fc44576851358a12f15bbd8

  • SHA256

    ede2311b0dc0adf3290cba376e3d855ecd9a59b510107b48b03d30955a092e26

  • SHA512

    2d36c615141cf4e884e8f33e8aa31290ac6a332a86595a35c826066ba518a59643309634b49c5c6707daeb58274d74f278716a9ecaafbfe4215a0354d4f1f717

  • SSDEEP

    6144:WLTfzVyYWrjsCCFu3L4Ny8tyF+h74xTKlXBRkAzoJT6:efzYFBb4VtBhqiOIR

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

Targets

    • Target

      ec16f3d1dca8c3c8366286559ae37eb3_JaffaCakes118

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
