General

  • Target

    f3df2367a79e7f135a7ddaefb423ae40_JaffaCakes118

  • Size

    229KB

  • Sample

    240416-t1zseaeg97

  • MD5

    f3df2367a79e7f135a7ddaefb423ae40

  • SHA1

    a08be77c9e91a124e251155643086b3a91f0364c

  • SHA256

    0f09b5a5ad2bf792ed543e2b170d969e40591157ed92b5766c3cc3ab7deb2df1

  • SHA512

    7fac3bf55ceecb2c6c81d65485098164de00f977415b349dc198c2ef9145792032b9a27302e2cc1c1c1e7d5d33c9dfeb38d6c530f6d26e5f6e2eb505b0f64244

  • SSDEEP

    6144:r0FCoUQZijcU2cYM7bEp+CyMNtark1pDXPw56x3u:w7UH2cYM7c+C9ZbXPrk

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks