General

  • Target

    edb54a30972b862cfba8589bb1f67c7e_JaffaCakes118

  • Size

    425KB

  • Sample

    240411-sg2bfsdh97

  • MD5

    edb54a30972b862cfba8589bb1f67c7e

  • SHA1

    7f3b9b36342bb863950e592063db38cd2c3f8bb9

  • SHA256

    856b8775a8063900378a815cd03d0f9628c4296eddd93ac9e9cd52269178c079

  • SHA512

    51f1e192a0f06472c5bf3da68e511d1112dd61a8a429aeb14c39e3d8e05b0448b5086d4367a2953b3dbbaa453faac63aa4319127aa9944e68334322cc6bc8f42

  • SSDEEP

    12288:S0SrZ2vE4MtuTN6GLMX3a9sO81joauMuB3fj:Sf2vE9tuPgHa2O8hoauMuB

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    amb4

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks