General

  • Target

    eab193344b506b1507675779ebf8c11b_JaffaCakes118

  • Size

    796KB

  • Sample

    240410-krvmnada3w

  • MD5

    eab193344b506b1507675779ebf8c11b

  • SHA1

    75a1f6b30e1e799f5d5e17f169a78872429a562e

  • SHA256

    39e07d983dda2437d04b37965671e84be2116f882c7c3a689ed137c8e2a1e10a

  • SHA512

    5c3d8733e0be02ffdcc3ea576634dd974abe9c8ae5792c21d15f75cea758b73d902b0febfc0648507a0e8cb9c650a5cbe54026a7f117b593e57b2c9a8d0d8246

  • SSDEEP

    12288:2R4KwT/HWmgmzHribIXnU1nEoJ4Vi1/ueJxfIuTyUDlID2iN:2Ry/HNgmzwj0Vi04auWUDlID1
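
Before working with a copy of this sample, confirm it is the same bytes the report describes. The following is an added example (not part of the sandbox report) that recomputes the four digests listed above and reports any that differ; the sample path on the command line is yours to supply, and the script does not attempt the SSDEEP value because that needs the non-standard ssdeep library.

```python
import hashlib
import sys

# Digests exactly as the report lists them for
# eab193344b506b1507675779ebf8c11b_JaffaCakes118.
REPORT_HASHES = {
    "md5": "eab193344b506b1507675779ebf8c11b",
    "sha1": "75a1f6b30e1e799f5d5e17f169a78872429a562e",
    "sha256": "39e07d983dda2437d04b37965671e84be2116f882c7c3a689ed137c8e2a1e10a",
    "sha512": "5c3d8733e0be02ffdcc3ea576634dd974abe9c8ae5792c21d15f75cea758b73d902b0febfc0648507a0e8cb9c650a5cbe54026a7f117b593e57b2c9a8d0d8246",
}


def fingerprint(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> dict:
    """Compute the requested digests of `data` as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def verify(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Compare `data` against every digest in `expected`.

    Returns a list of (algorithm, computed, expected) tuples for the digests
    that differ; an empty list means the bytes are the sample the report
    describes. Expected values are compared case-insensitively because
    reports and feeds disagree on hex casing.
    """
    computed = fingerprint(data, expected.keys())
    return [
        (name, computed[name], want.lower())
        for name, want in expected.items()
        if computed[name] != want.lower()
    ]


def verify_file(path: str, expected: dict = REPORT_HASHES) -> list:
    """Read a file and verify it; the report's 796 KB sample fits in memory."""
    with open(path, "rb") as fh:
        return verify(fh.read(), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    # (the path is an assumption on your side, not something the report gives)
    problems = verify_file(sys.argv[1])
    if problems:
        for name, got, want in problems:
            print(f"{name}: got {got}, report says {want}")
        sys.exit(1)
    print("all digests match the report")
```

A single mismatching digest is enough to stop: either the file is a different build of the same family or it was altered in transit (for example by an archive tool that strips or pads), and none of the configuration below should be assumed to apply to it.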

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy (the domain list from the extracted config; Formbook/Xloader builds embed decoy domains, many of them legitimate sites, and send cover traffic to them alongside the real C2, so treat this list as a watchlist rather than confirmed C2 infrastructure)

rsautoluxe.com

theroseofsharonsalon.com

singnema.com

nathanielwhite108.com

theforumonline.com

iqpt.info

joneshondaservice.com

fafene.com

solanohomebuyerclass.com

zwq.xyz

searchlakeconroehomes.com

briative.com

frystmor.city

systemofyouth.com

sctsmney.com

tv-safetrading.com

thesweetboy.com

occulusblu.com

pawsthemomentpetphotography.com

travelstipsguide.com
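
One practical use of the extracted domain list is to sweep resolver or proxy logs for hosts that queried any of them. The following is an added example, not part of the report: it loads the twenty domains above as a watchlist, matches queries on a label boundary (so a subdomain such as www.rsautoluxe.com counts but notrsautoluxe.com does not), and groups hits by client. The log lines are constructed for illustration and follow an assumed `key=value` layout; only the two regular expressions need changing for a real log format.

```python
import re

# Domain list from the report's extracted config (the "Decoy" field above).
CONFIG_DOMAINS = [
    "rsautoluxe.com", "theroseofsharonsalon.com", "singnema.com",
    "nathanielwhite108.com", "theforumonline.com", "iqpt.info",
    "joneshondaservice.com", "fafene.com", "solanohomebuyerclass.com",
    "zwq.xyz", "searchlakeconroehomes.com", "briative.com", "frystmor.city",
    "systemofyouth.com", "sctsmney.com", "tv-safetrading.com",
    "thesweetboy.com", "occulusblu.com", "pawsthemomentpetphotography.com",
    "travelstipsguide.com",
]


def normalize(name: str) -> str:
    """Lower-case and drop a trailing root dot so 'ZWQ.XYZ.' equals 'zwq.xyz'."""
    return name.strip().rstrip(".").lower()


WATCHLIST = frozenset(normalize(d) for d in CONFIG_DOMAINS)

# Constructed resolver log lines for illustration only (not from the sandbox
# run). The "query=<name>" / "client=<ip>" tokens are an assumed format.
SAMPLE_LOG = """\
2024-04-10T12:00:01Z client=10.0.0.5 query=www.rsautoluxe.com type=A
2024-04-10T12:00:02Z client=10.0.0.5 query=ZWQ.XYZ. type=A
2024-04-10T12:00:03Z client=10.0.0.7 query=notrsautoluxe.com type=A
2024-04-10T12:00:04Z client=10.0.0.9 query=example.org type=AAAA
2024-04-10T12:00:05Z client=10.0.0.5 query=iqpt.info type=TXT
"""

QUERY_RE = re.compile(r"\bquery=(?P<name>[A-Za-z0-9.-]+)")
CLIENT_RE = re.compile(r"\bclient=(?P<ip>[0-9a-fA-F:.]+)")


def matches_watchlist(name: str, watchlist=WATCHLIST):
    """Return the watchlist entry that `name` equals or is a subdomain of, else None.

    Every suffix that starts on a label boundary is tried (a.b.c -> a.b.c, b.c, c),
    so notrsautoluxe.com never matches rsautoluxe.com.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_log(text: str, watchlist=WATCHLIST) -> list:
    """Return (line_no, client, queried_name, matched_domain) for each hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        q = QUERY_RE.search(line)
        if not q:
            continue
        domain = matches_watchlist(q.group("name"), watchlist)
        if domain is None:
            continue
        c = CLIENT_RE.search(line)
        hits.append((lineno, c.group("ip") if c else None, q.group("name"), domain))
    return hits


def hosts_to_triage(hits) -> dict:
    """Group hits by client so a host touching several config domains stands out."""
    by_host = {}
    for _, client, _, domain in hits:
        by_host.setdefault(client, set()).add(domain)
    return by_host


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for lineno, client, name, domain in hits:
        print(f"line {lineno}: {client} queried {name} (config domain {domain})")
    for client, domains in hosts_to_triage(hits).items():
        print(f"{client}: {len(domains)} distinct config domain(s)")
```

Because most of these domains are decoys that may belong to unrelated, legitimate sites, a single query is weak evidence on its own; a host that resolves several of them in a short window, as 10.0.0.5 does in the constructed log, is the pattern worth pulling for triage. Blocking the whole list outright will produce false positives for the same reason.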

Targets

    • Target

      eab193344b506b1507675779ebf8c11b_JaffaCakes118

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer and keeps Formbook's configuration layout (a campaign ID plus a domain list padded with decoys), which is why the extracted config above is reported in that form.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread in another process is a common building block of process hollowing and other thread-hijacking injection, where the thread's entry point is redirected to attacker-controlled code. On its own the signature records the API usage pattern, not which process was targeted.
