General

  • Target

    eee74ecebe1db0d00c91e42c8f9d4291_JaffaCakes118

  • Size

    294KB

  • Sample

    240412-cr862sff3v

  • MD5

    eee74ecebe1db0d00c91e42c8f9d4291

  • SHA1

    cf189ab83818e7ce393e684e35a32523a89bb79b

  • SHA256

    71e6e7d336cab608f2a3f0c6535a2ba1e0b0ec7b505c8f079f6d340f1c28dea8

  • SHA512

    2d20d910d31fa39a929be31bcf222c0922dd989ee3593c223cf0a1ed8c16eb1fd9c03a6e928ed7e2f6b6b908518b87b42404880dde7ec6e80970abc704e1ff5b

  • SSDEEP

    6144:L6IXCyvGniwEKbnsoqoo6tynz5Sdl+23i9IfX71+GWiUlXnCw:TXDvhwZrASynkdQUi9Iv7hW3Cw

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qb4a

Decoy

travelsonabike2.net

eurekaprice.com

bkardd.com

vr893.com

nnsxykj.com

q-p.info

691485.com

magixe.com

frankysfurnituregallery.com

businessloansug.com

rocketcompaniesshady.info

lercoantincenti.com

pelosi4never.com

bide168.com

socialsecuritybonds.com

xn--hy1bj7gtvmh9a15t.com

anjaschaefer.net

wickedfavicon.com

bitesizedstudio.com

ecogiftsuk.com
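The decoy list above is the most directly actionable part of the extracted configuration, but it needs handling with care: Formbook/Xloader configs carry a long list of domains of which only one is the live C2 at any time, and the rest are decoys, many of them real, unrelated sites. A single proxy hit on one of these domains is therefore low-fidelity; one client reaching several domains from the same list, on the campaign path, is a much stronger signal. The following is an added example, not code from the sandbox or from the malware: it takes the domain list and campaign identifier exactly as extracted above and runs them over constructed proxy log lines. The log format, the log lines and the helper names are assumptions; the use of the campaign identifier as the first URI path segment is a pattern seen in Formbook-family beacons generally, not something this report states.

```python
"""Match the extracted Xloader decoy-domain list against web-proxy logs.

Added example for this report, not the sandbox's or the malware's code.
DECOY_DOMAINS and CAMPAIGN_ID are copied from the extracted configuration;
the log format and log lines are constructed for the example.
"""
from urllib.parse import urlsplit

CAMPAIGN_ID = "qb4a"  # from the extracted config (Xloader 2.3)

# Decoy domains exactly as listed in the extracted config.
DECOY_DOMAINS = [
    "travelsonabike2.net", "eurekaprice.com", "bkardd.com", "vr893.com",
    "nnsxykj.com", "q-p.info", "691485.com", "magixe.com",
    "frankysfurnituregallery.com", "businessloansug.com",
    "rocketcompaniesshady.info", "lercoantincenti.com", "pelosi4never.com",
    "bide168.com", "socialsecuritybonds.com", "xn--hy1bj7gtvmh9a15t.com",
    "anjaschaefer.net", "wickedfavicon.com", "bitesizedstudio.com",
    "ecogiftsuk.com",
]

# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
LOG_LINES = [
    "2024-04-12T10:21:03Z 10.0.0.5 GET http://www.eurekaprice.com/qb4a/?ym=abc 200",
    "2024-04-12T10:21:09Z 10.0.0.5 POST http://bkardd.com/qb4a/ 200",
    "2024-04-12T10:22:41Z 10.0.0.7 GET https://mail.example.com/inbox 200",
    # Not a hit: the decoy domain is only a prefix of a longer hostname.
    "2024-04-12T10:23:00Z 10.0.0.5 GET http://eurekaprice.com.evil.example/ 200",
    # Hit on a decoy domain without the campaign path: low confidence.
    "2024-04-12T10:24:15Z 10.0.0.9 GET http://ecogiftsuk.com/ 200",
]


def normalize_domain(host):
    """Lower-case, drop a trailing dot and port, and encode IDNs as punycode
    so a Unicode hostname in a log matches the xn-- form in the config."""
    host = host.strip().lower().rstrip(".")
    host = host.split(":", 1)[0]
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # leave unencodable junk as-is; it will simply not match


def match_domain(host):
    """Return the config domain that host equals or is a subdomain of, else None.
    Suffix matching is anchored on a label boundary so 'eurekaprice.com.evil.example'
    does not match 'eurekaprice.com'."""
    h = normalize_domain(host)
    for d in DECOY_DOMAINS:
        if h == d or h.endswith("." + d):
            return d
    return None


def scan_log(lines):
    """Yield one hit per log line whose URL host is on the decoy list.
    Confidence is 'high' when the first path segment is the campaign ID
    (assumed Formbook-family beacon layout), otherwise 'low'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than crash the scan
        ts, client, method, url, _status = fields[:5]
        parts = urlsplit(url)
        if not parts.hostname:
            continue
        domain = match_domain(parts.hostname)
        if domain is None:
            continue
        segments = [s for s in parts.path.split("/") if s]
        on_campaign_path = bool(segments) and segments[0] == CAMPAIGN_ID
        hits.append({
            "ts": ts, "client": client, "method": method,
            "host": parts.hostname, "domain": domain,
            "confidence": "high" if on_campaign_path else "low",
        })
    return hits


def summarize(hits):
    """Group matched domains per client. One client reaching several domains
    from the same list is a stronger signal than any single hit, because the
    bot cycles through the list and most entries are decoys that may be
    legitimate sites."""
    per_client = {}
    for h in hits:
        per_client.setdefault(h["client"], set()).add(h["domain"])
    return per_client


if __name__ == "__main__":
    found = scan_log(LOG_LINES)
    for h in found:
        print(h)
    print(summarize(found))
```

In the constructed log, 10.0.0.5 hits two list domains on the /qb4a/ path while 10.0.0.9 touches one decoy domain with no campaign path; the former is what to escalate, the latter should be corroborated (process ancestry, the SetThreadContext behaviour flagged below, or a hash match) before treating it as an infection.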

Targets

    • Target

      eee74ecebe1db0d00c91e42c8f9d4291_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer and keeps Formbook's configuration layout, including the campaign identifier and decoy domain list extracted above.

    • Xloader payload

      Signature match on the Xloader payload; the configuration above was extracted from this stage.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (typically suspended) thread, including its instruction pointer. Outside a debugger it is almost always a code-injection step, such as process hollowing, and is consistent with the payload migrating into another process.
