General

  • Target

    ecb6961afcce09226b552a95c6a563ba_JaffaCakes118

  • Size

    846KB

  • Sample

    240411-flhzfsga5s

  • MD5

    ecb6961afcce09226b552a95c6a563ba

  • SHA1

    a7cd1c0b74b325665e90e9ebee79f8f6f214c683

  • SHA256

    7f0599ad186f76d0d5ae5daf5e713747281b1b631bfef0cb340b2977ed53d253

  • SHA512

    e28fa28fdf87b7a28b4550cd36bfadfdd9fee0ccb6f171f8d7cd38f5e8d68cae3216e125907868c7a743bb3af7ed46996b8108361f05103baba0ec7cb2849b1e

  • SSDEEP

    12288:RmDc9F3nC0Py3gAh/9xqIKujVs3Q27qWx9Uc0obNevohqBDfLD/Xpqlnp/Tjm:RAxoujVWx930Y0cqxZqlnd/m
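Before reusing the indicators on this page, confirm that the file in hand is the same object the sandbox analysed. The script below is an added example, not part of the original report, that streams a file through all four published digest algorithms once and reports which of them disagree with the report. The digests are copied from the General section above; the file path is supplied on the command line. (SSDEEP is omitted because it needs the third-party ssdeep library.)

```python
import hashlib
from typing import Dict, Iterable, List

# Digests published above for ecb6961afcce09226b552a95c6a563ba_JaffaCakes118 (846KB).
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "ecb6961afcce09226b552a95c6a563ba",
    "sha1": "a7cd1c0b74b325665e90e9ebee79f8f6f214c683",
    "sha256": "7f0599ad186f76d0d5ae5daf5e713747281b1b631bfef0cb340b2977ed53d253",
    "sha512": "e28fa28fdf87b7a28b4550cd36bfadfdd9fee0ccb6f171f8d7cd38f5e8d68cae"
              "3216e125907868c7a743bb3af7ed46996b8108361f05103baba0ec7cb2849b1e",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Hash a byte stream with all four algorithms in a single pass.

    Every chunk is fed to every hasher in turn, so a large sample is read
    from disk once and never held in memory whole.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def read_chunks(path: str, size: int = 1 << 20) -> Iterable[bytes]:
    """Yield the file at `path` in 1 MiB chunks."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(size)
            if not chunk:
                return
            yield chunk


def verify_digests(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest differs from the report.

    Hex casing differs between tools and reports, so the comparison is
    case-insensitive. An empty list means every published digest matched.
    """
    return [
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    ]


if __name__ == "__main__":
    import sys

    digests = compute_digests(read_chunks(sys.argv[1]))
    for name in ALGORITHMS:
        print(f"{name:7} {digests[name]}")
    mismatches = verify_digests(digests, REPORT_DIGESTS)
    if mismatches:
        print("MISMATCH:", ", ".join(mismatches))
        sys.exit(1)
    print("All published digests match the report.")
```

Run it as `python verify_sample.py <path-to-sample>`; a non-zero exit means at least one digest disagrees and the page's indicators should not be assumed to apply to that file.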

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    ssee

  • Decoy

    Domains the sample contacts to mask its real command-and-control server. Xloader, like Formbook before it, spreads its HTTP traffic across a set of decoy domains alongside the real C2, and most of the decoys are unrelated legitimate sites. A single connection to one of them is therefore weak evidence, and blocking the list wholesale will cause collateral damage.

    portalcanaa.com
    korzino.com
    dlylms.net
    smartearphoneshop.com
    olimiloshop.com
    auvdigitalstack.com
    ydxc.chat
    yhk868.com
    lifeinthedport.com
    self-sciencelabs.com
    scandicpack.com
    hold-sometimes.xyz
    beiputei.com
    yourrealtorcoach.com
    rxods.com
    fundsoption.com
    ahlstromclothes.com
    ksdieselparts.com
    accountmangerford.com
    kuwaitlogistic.com
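The pattern worth detecting is not one decoy domain but one host touching several of them within seconds, which is how the decoy rotation looks in proxy or DNS logs. The script below is an added example, not part of the original report: it loads the decoy list above, parses a constructed proxy log (the format `<ISO timestamp> <client> <host>` and the addresses are assumptions, not real traffic), and alerts on any client that reaches at least three distinct decoy domains inside a five-minute window. Subdomains are folded onto the listed registered domain so `www.korzino.com` counts as `korzino.com`.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional, Set

# Decoy domains from the extracted config above.
DECOY_DOMAINS: Set[str] = {
    "portalcanaa.com", "korzino.com", "dlylms.net", "smartearphoneshop.com",
    "olimiloshop.com", "auvdigitalstack.com", "ydxc.chat", "yhk868.com",
    "lifeinthedport.com", "self-sciencelabs.com", "scandicpack.com",
    "hold-sometimes.xyz", "beiputei.com", "yourrealtorcoach.com", "rxods.com",
    "fundsoption.com", "ahlstromclothes.com", "ksdieselparts.com",
    "accountmangerford.com", "kuwaitlogistic.com",
}

# Constructed proxy log for illustration: "<ISO timestamp> <client> <host>".
# 10.0.0.20 browses one decoy site, 10.0.0.7 rotates through four in eight
# seconds, 10.0.0.9 touches three but spread over half an hour.
SAMPLE_LOG = """\
2024-04-11T09:58:00Z 10.0.0.20 korzino.com
2024-04-11T09:58:03Z 10.0.0.20 www.korzino.com
2024-04-11T10:00:00Z 10.0.0.7 www.portalcanaa.com
2024-04-11T10:00:02Z 10.0.0.7 korzino.com
2024-04-11T10:00:04Z 10.0.0.7 dlylms.net
2024-04-11T10:00:06Z 10.0.0.7 example.org
2024-04-11T10:00:08Z 10.0.0.7 yhk868.com
2024-04-11T10:09:00Z 10.0.0.9 rxods.com
2024-04-11T10:20:00Z 10.0.0.9 fundsoption.com
2024-04-11T10:40:00Z 10.0.0.9 beiputei.com
"""


class Event(NamedTuple):
    ts: datetime
    client: str
    host: str


def parse_log(text: str) -> List[Event]:
    """Parse the three-column log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(Event(when, client, host.lower().rstrip(".")))
    return events


def decoy_for(host: str) -> Optional[str]:
    """Return the listed decoy domain that `host` falls under, if any.

    Leading labels are stripped one at a time so a subdomain of a listed
    domain matches the listed domain itself.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def find_rotation(events: List[Event], window: timedelta = timedelta(minutes=5),
                  min_distinct: int = 3) -> Dict[str, Set[str]]:
    """Map each alerting client to the decoy domains it rotated through.

    A sliding window per client counts distinct decoy domains; the alert
    fires once the count reaches `min_distinct` inside `window`.
    """
    per_client: Dict[str, List] = defaultdict(list)
    for e in events:
        domain = decoy_for(e.host)
        if domain:
            per_client[e.client].append((e.ts, domain))

    alerts: Dict[str, Set[str]] = {}
    for client, hits in per_client.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {d for _, d in hits[start:end + 1]}
            if len(distinct) >= min_distinct:
                alerts.setdefault(client, set()).update(distinct)
    return alerts


if __name__ == "__main__":
    for client, domains in find_rotation(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: decoy rotation across {sorted(domains)}")
```

Only 10.0.0.7 alerts: the single-site browser and the host with three slow, spread-out hits both stay quiet. Tune `window` and `min_distinct` to the beacon interval seen in your own traffic, and feed the function real proxy or DNS records in the same three-field shape.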

Targets

    • Target

      ecb6961afcce09226b552a95c6a563ba_JaffaCakes118 (846KB; digests and 10/10 score as listed under General above)

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer. The family match comes from the extracted configuration above (family xloader, version 2.3, campaign ssee).

    • Xloader payload

      The Xloader payload itself was matched during the run. Xloader is almost always delivered packed, so the payload signature typically fires on unpacked code in memory; the digests of the file on disk (above) identify the packed dropper, not the final stage.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the step that points a suspended thread at injected code (process hollowing / RunPE). The API alone is also used by debuggers, so for a high-confidence detection pair it with a CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into that process, and ResumeThread from the same parent.
