General

  • Target

    ee42408b7cd2b7e02a3414032b6da8c9_JaffaCakes118

  • Size

    414KB

  • Sample

    240411-y2dc1sfc9v

  • MD5

    ee42408b7cd2b7e02a3414032b6da8c9

  • SHA1

    c2c0eca0b31eb66c6b6b27451efb101dd3a293db

  • SHA256

    575801f0135e219fa22a4e0dfeb0dfa521b66cd95ca5a876a54f8e2d974e465d

  • SHA512

    6d47826436a23824dc7ff83ece28a9ecf7eee15cec454f62ff82babb80e3cb87a0dfe088a5abd1d171c8e22e696c4fab10e56ebc0451f748deae4b48d755aa50

  • SSDEEP

    12288:EsZFi5IIyuA5qe7RZOV0fqqfV3f2tuX4nvfuWlcpPk:EsZFi5Uuvx+yqfF2069lo8

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qb4a

Decoy

travelsonabike2.net

eurekaprice.com

bkardd.com

vr893.com

nnsxykj.com

q-p.info

691485.com

magixe.com

frankysfurnituregallery.com

businessloansug.com

rocketcompaniesshady.info

lercoantincenti.com

pelosi4never.com

bide168.com

socialsecuritybonds.com

xn--hy1bj7gtvmh9a15t.com

anjaschaefer.net

wickedfavicon.com

bitesizedstudio.com

ecogiftsuk.com
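The Decoy list above is characteristic of Formbook/Xloader configs: the bot beacons to every domain in the list, most of which are unrelated legitimate sites, with the real C2 hidden among them. Blocking or alerting on the domains one by one therefore produces false positives; the useful signal is one client hitting several of them in a short burst with the campaign id in the URI path. The following Python is an added hunting example, not code from the page or from the sandbox vendor. It takes the campaign id and decoy domains from the extracted config above; the proxy log format, the log lines themselves and the `/qb4a/` URI prefix are assumptions (the prefix reflects the family's usual beacon URL shape, which this page does not itself state).

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Values copied from the extracted config on this page.
CAMPAIGN = "qb4a"
DECOYS = {
    "travelsonabike2.net", "eurekaprice.com", "bkardd.com", "vr893.com",
    "nnsxykj.com", "q-p.info", "691485.com", "magixe.com",
    "frankysfurnituregallery.com", "businessloansug.com",
    "rocketcompaniesshady.info", "lercoantincenti.com", "pelosi4never.com",
    "bide168.com", "socialsecuritybonds.com", "xn--hy1bj7gtvmh9a15t.com",
    "anjaschaefer.net", "wickedfavicon.com", "bitesizedstudio.com",
    "ecogiftsuk.com",
}

# Constructed proxy log lines for the demo (assumed format:
# "timestamp client_ip method url"). 10.0.0.5 shows the beacon burst;
# 10.0.0.9 is a user browsing two of the decoy sites normally.
SAMPLE_LOG = """\
2024-04-11T10:00:01 10.0.0.5 GET http://www.travelsonabike2.net/qb4a/?h8=abc123&Jl=xyz
2024-04-11T10:00:03 10.0.0.5 GET http://www.eurekaprice.com/qb4a/?h8=abc123&Jl=xyz
2024-04-11T10:00:05 10.0.0.5 GET http://www.bkardd.com/qb4a/?h8=abc123&Jl=xyz
2024-04-11T10:00:06 10.0.0.5 GET http://www.vr893.com/qb4a/?h8=abc123&Jl=xyz
2024-04-11T10:00:08 10.0.0.5 GET http://www.nnsxykj.com/qb4a/?h8=abc123&Jl=xyz
2024-04-11T10:05:00 10.0.0.9 GET http://www.eurekaprice.com/index.html
2024-04-11T11:00:00 10.0.0.9 GET http://www.anjaschaefer.net/about/
"""


def parse_line(line):
    """Split one log line into (timestamp, client_ip, host, path).

    Returns None for lines that do not fit the assumed format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts_text, client, _method, url = parts
    try:
        ts = datetime.fromisoformat(ts_text)
    except ValueError:
        return None
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return ts, client, host, u.path


def is_campaign_beacon(host, path):
    """True when the host is one of the config's decoys AND the first path
    segment is the campaign id. A plain visit to a decoy site does not count."""
    stripped = path.strip("/")
    first_segment = stripped.split("/", 1)[0] if stripped else ""
    return host in DECOYS and first_segment == CAMPAIGN


def hunt(log_text, window=timedelta(minutes=5), min_domains=3):
    """Return {client_ip: {"first_seen": ts, "domains": [...]}} for each client
    that beaconed to at least `min_domains` distinct decoy domains within one
    `window`. Clients that touch only one or two decoys are left alone."""
    beacons = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, host, path = parsed
        if is_campaign_beacon(host, path):
            beacons[client].append((ts, host))

    alerts = {}
    for client, events in beacons.items():
        events.sort()
        best, best_start = set(), None
        # Sliding window: largest set of distinct decoys reached from any start.
        for i, (start, _) in enumerate(events):
            seen = {h for ts, h in events[i:] if ts - start <= window}
            if len(seen) > len(best):
                best, best_start = seen, start
        if len(best) >= min_domains:
            alerts[client] = {"first_seen": best_start, "domains": sorted(best)}
    return alerts


if __name__ == "__main__":
    for client, info in hunt(SAMPLE_LOG).items():
        print(f"{client}: {len(info['domains'])} decoy domains from {info['first_seen']}")
        for domain in info["domains"]:
            print("   ", domain)
```

Run against real proxy or DNS logs, the window and `min_domains` thresholds are the knobs to tune: a genuine Xloader host works through the whole list within minutes, while a user who happens to visit one of the decoy sites never sends the campaign path.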

Targets

    • Target

      ee42408b7cd2b7e02a3414032b6da8c9_JaffaCakes118

    • Size

      414KB

    • MD5

      ee42408b7cd2b7e02a3414032b6da8c9

    • SHA1

      c2c0eca0b31eb66c6b6b27451efb101dd3a293db

    • SHA256

      575801f0135e219fa22a4e0dfeb0dfa521b66cd95ca5a876a54f8e2d974e465d

    • SHA512

      6d47826436a23824dc7ff83ece28a9ecf7eee15cec454f62ff82babb80e3cb87a0dfe088a5abd1d171c8e22e696c4fab10e56ebc0451f748deae4b48d755aa50

    • SSDEEP

      12288:EsZFi5IIyuA5qe7RZOV0fqqfV3f2tuX4nvfuWlcpPk:EsZFi5Uuvx+yqfF2069lo8

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer. It harvests credentials and keystrokes from the infected host and, as the extracted config above shows, hides its real C2 among a list of decoy domains that the bot contacts alongside it.

    • Xloader payload

    • Suspicious use of SetThreadContext (setting another thread's context is a step of process hollowing, where a loader redirects a target process's thread to injected code)
