General

  • Target

    ee61cb46b439d17909a37232d4ac614b_JaffaCakes118

  • Size

    348KB

  • Sample

    240411-1ct1ksgh8s

  • MD5

    ee61cb46b439d17909a37232d4ac614b

  • SHA1

    9f9e8b7c5b287a55483aef583a058ed7af5d2fbf

  • SHA256

    fff77f3852a66a56bad4ec5bc1c1bc2afb0b08b8ea65393384a1ee6917dcb355

  • SHA512

    63295b930c804932f6cc116f93115e1519fc8d7f4944483e07c78b207cea28e60dd91dbe340231a0e96ce96fd8b727871dc3a2cfb7ad5bd1d983eff482b2eec2

  • SSDEEP

    6144:rpj55Mo7S9ekqxq/ZL4krvSooBbjYj4RvNLvVQPDRvqvY:lUoe9evxqxL4y32bjYj+vZVUDRvqw

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

riho

Decoy

Xloader keeps Formbook's config layout: one real C2 sits in a list of domains, and at runtime the sample beacons to the real server mixed with decoys picked from that list. Most of the entries below are therefore unrelated or parked sites. Use the list for hunting and retrospective log searches, but expect false positives if every domain is blocked outright.

surfcitydawg.com

pwuq9t.com

prefectfxtrader.com

369xy.com

bjhygj888.com

cabinetfuid.com

houstondynamics.net

bertiebots.com

taboohospitality.com

fearlessthread.com

loropiana-store.online

growthventuresinc.net

artairazur.xyz

tvframesdisply.com

flammifer.biz

gtnetpro.com

b3sportaintment.com

housing-staff.net

superdelicioso.com

14mpt.xyz
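The extracted config is only useful once it is turned into something that can be run against your own data. The block below is an added example, not part of the sandbox report or of any vendor tooling: it copies the hashes and decoy domains from this report into Python, hashes a file in one pass for comparison, and scans DNS query log lines for the configured domains (including subdomains and trailing-dot names). The log format and the sample log lines are constructed for the example.

```python
"""Check files and DNS logs against the Xloader config extracted above."""
import hashlib
import io
import re

# Hashes copied from the report above. Compare all of them, not just MD5.
REPORTED_HASHES = {
    "md5": "ee61cb46b439d17909a37232d4ac614b",
    "sha1": "9f9e8b7c5b287a55483aef583a058ed7af5d2fbf",
    "sha256": "fff77f3852a66a56bad4ec5bc1c1bc2afb0b08b8ea65393384a1ee6917dcb355",
    "sha512": "63295b930c804932f6cc116f93115e1519fc8d7f4944483e07c78b207cea28e6"
              "0dd91dbe340231a0e96ce96fd8b727871dc3a2cfb7ad5bd1d983eff482b2eec2",
}

# Decoy/C2 candidate domains copied from the report above.
DECOY_DOMAINS = frozenset({
    "surfcitydawg.com", "pwuq9t.com", "prefectfxtrader.com", "369xy.com",
    "bjhygj888.com", "cabinetfuid.com", "houstondynamics.net", "bertiebots.com",
    "taboohospitality.com", "fearlessthread.com", "loropiana-store.online",
    "growthventuresinc.net", "artairazur.xyz", "tvframesdisply.com",
    "flammifer.biz", "gtnetpro.com", "b3sportaintment.com", "housing-staff.net",
    "superdelicioso.com", "14mpt.xyz",
})


def hash_stream(fh):
    """Compute MD5, SHA-1, SHA-256 and SHA-512 of a binary stream in one pass."""
    digests = {name: hashlib.new(name) for name in REPORTED_HASHES}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def reported_matches(digests):
    """Names of the algorithms whose digest equals the reported one.

    Expect all four or none; a partial match means a typo in the IOC list
    (or a collision) and should be investigated rather than trusted.
    """
    return sorted(name for name, hexdigest in digests.items()
                  if hexdigest == REPORTED_HASHES.get(name))


def normalize_qname(qname):
    """Lower-case a DNS name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def is_decoy_domain(qname):
    """True if qname is a configured domain or a subdomain of one.

    A plain suffix test would also match "evilsurfcitydawg.com", so the
    check requires either an exact match or a dot before the domain.
    """
    name = normalize_qname(qname)
    return any(name == d or name.endswith("." + d) for d in DECOY_DOMAINS)


# Constructed log format for this example: "<timestamp> <client-ip> <qname> <qtype>".
_LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def scan_dns_log(lines):
    """Return (timestamp, client, normalized qname) for queries hitting the config."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if m is None:          # skip blank or malformed lines rather than crash
            continue
        if is_decoy_domain(m["qname"]):
            hits.append((m["ts"], m["client"], normalize_qname(m["qname"])))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_DNS_LOG = [
    "2024-04-11T10:00:01Z 10.0.0.5 www.surfcitydawg.com A",
    "2024-04-11T10:00:02Z 10.0.0.5 updates.example.org A",
    "2024-04-11T10:00:03Z 10.0.0.9 pwuq9t.com. A",
    "2024-04-11T10:00:04Z 10.0.0.9 notsurfcitydawg.com A",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("DNS hit:", hit)
```

A single DNS hit on one of these domains is weak evidence on its own, because the list is mostly decoys; a host that resolves several of them within a short window looks much more like the sample's beaconing pattern.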

Targets

    • Xloader

Xloader is the rebranded successor of the Formbook information stealer. It keeps Formbook's config layout (including the decoy-domain list above) and its capabilities: harvesting credentials and form data from browsers and mail clients, keylogging, and fetching further payloads from the C2.

    • Xloader payload

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is the step in process hollowing and similar injection that redirects a suspended thread to attacker-supplied code. Formbook/Xloader is known to inject itself into a legitimate process this way; the report does not show which process this sample used, so confirm the target in the sandbox's process tree before writing detection logic around it.
