General

  • Target

    f20fdb6a62e4769eeaf17d24b9208258_JaffaCakes118

  • Size

    743KB

  • Sample

    240415-2arywahh79

  • MD5

    f20fdb6a62e4769eeaf17d24b9208258

  • SHA1

    c2876bb0ce1383350085783bb5fe851a9b4dadf1

  • SHA256

    48f7f3f5ae41bcfefbf47d156939829070a28140c04d7de5c613a20a3415c0e7

  • SHA512

    51cbb0513e0d6f39dc2e6d30f940743c7b32433294aa26b1f8af7a979ba95f1f24b80b66c81fd26d327070949597901d2c8ec826b8f20ff3f99dd6d2eae5887e

  • SSDEEP

    12288:TeDs1BVQh8G71a4NQDOYyTjTtmJzOHZ+vuhxCVReS1z+V49qsTll9:9+h88uDJ+ssHguz2eSPqspl9

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e4nr

Decoy

goldtruckclub.com

javshrimp.com

maeskhall.quest

smartlifeblockchain.net

omychiq.com

musclegearshop.com

namicoscorp.com

ncfqxxkj.com

verifique-banca.com

usadocnetwork.com

heartsurgerygroup.com

cbt-nightmares.com

libraprint.com

wh0n16.com

pompanopaintnsip.com

7aomoquzb9.com

cedse.com

karst-shop.com

target-checkbalances.com

infowebp.com
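
Two things a responder usually does with the data above are to confirm that a file on disk really is the sample the General section describes, and to turn the extracted decoy domain list into a matcher for DNS or proxy logs. The following Python is an added example written for this page, not part of the sandbox output or any XLoader tooling; the digests and domains are copied from the report, while the log format, the regular expression and the log lines themselves are constructed for illustration. Note that the decoy list in a Formbook/XLoader config largely consists of unrelated, often legitimate domains the malware contacts as cover traffic, so a match is a lead to pivot on, not proof of infection on its own.

```python
"""Triage helpers for the XLoader report above (added example, not the
sandbox's own code). Provides:
1. verify_sample(): recompute the listed digests for a byte string and
   report which ones agree with the report;
2. scan_dns_log(): match queried names against the extracted decoy
   domains, including subdomains, over a constructed query log.
"""
import hashlib
import re
from typing import Optional

# Digests copied from the "General" section of the report.
REPORT_HASHES = {
    "md5": "f20fdb6a62e4769eeaf17d24b9208258",
    "sha1": "c2876bb0ce1383350085783bb5fe851a9b4dadf1",
    "sha256": "48f7f3f5ae41bcfefbf47d156939829070a28140c04d7de5c613a20a3415c0e7",
    "sha512": "51cbb0513e0d6f39dc2e6d30f940743c7b32433294aa26b1f8af7a979ba95f1f"
              "24b80b66c81fd26d327070949597901d2c8ec826b8f20ff3f99dd6d2eae5887e",
}

# Decoy domains from the extracted XLoader config (Malware Config section).
DECOY_DOMAINS = [
    "goldtruckclub.com", "javshrimp.com", "maeskhall.quest",
    "smartlifeblockchain.net", "omychiq.com", "musclegearshop.com",
    "namicoscorp.com", "ncfqxxkj.com", "verifique-banca.com",
    "usadocnetwork.com", "heartsurgerygroup.com", "cbt-nightmares.com",
    "libraprint.com", "wh0n16.com", "pompanopaintnsip.com", "7aomoquzb9.com",
    "cedse.com", "karst-shop.com", "target-checkbalances.com", "infowebp.com",
]


def compute_hashes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare every listed digest with the report; returns {algo: bool}.
    Treat the file as this sample only if all four agree."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def normalize_domain(name: str) -> str:
    """Lowercase and strip the trailing dot, so 'WH0N16.COM.' equals 'wh0n16.com'."""
    return name.strip().lower().rstrip(".")


def matches_decoy(host: str, decoys=DECOY_DOMAINS) -> Optional[str]:
    """Return the decoy domain that host equals or is a subdomain of, else None.
    'www.cedse.com' matches 'cedse.com'; 'notcedse.com' does not."""
    h = normalize_domain(host)
    for d in decoys:
        d = normalize_domain(d)
        if h == d or h.endswith("." + d):
            return d
    return None


# Assumed (constructed) query-log shape: "... client <ip>#<port>: query: <name> IN A"
QUERY_RE = re.compile(r"client\s+(?P<src>[\d.]+).*?query:\s+(?P<qname>\S+)")


def scan_dns_log(lines) -> list:
    """Return (source_ip, queried_name, matched_decoy) for every line whose
    queried name falls under one of the decoy domains."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        decoy = matches_decoy(m.group("qname"))
        if decoy:
            hits.append((m.group("src"), normalize_domain(m.group("qname")), decoy))
    return hits


# Constructed log lines (not from the report) for a dry run.
SAMPLE_LOG = [
    "Apr 15 10:01:02 ns1 named[123]: client 10.0.0.5#5353: query: www.cedse.com IN A",
    "Apr 15 10:01:03 ns1 named[123]: client 10.0.0.5#5353: query: WH0N16.COM. IN A",
    "Apr 15 10:01:04 ns1 named[123]: client 10.0.0.7#5353: query: notcedse.com IN A",
    "Apr 15 10:01:05 ns1 named[123]: client 10.0.0.9#5353: query: example.org IN A",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print("decoy-domain lookup:", hit)
```

To check a real file, read it in binary mode and pass the bytes to verify_sample(); the suffix matching in matches_decoy() is deliberate, since a host that resolves a subdomain of a listed decoy is as interesting as one that resolves the apex.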

Targets

    • Target

      f20fdb6a62e4769eeaf17d24b9208258_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

      The XLoader payload was identified and its configuration extracted; the family, version, campaign and decoy domains are listed under Malware Config above.

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation. Agile.Net protects .NET assemblies only, so this indicates a .NET stage in the sample.

    • Suspicious use of SetThreadContext

      SetThreadContext has legitimate uses (debuggers), but in malware it is most often seen redirecting a suspended thread's execution into injected code, as in process hollowing and related injection techniques.
