General

  • Target

    f84e59e42690ede739531d41ebea3d07_JaffaCakes118

  • Size

    712KB

  • Sample

    240418-sz38rsaa5y

  • MD5

    f84e59e42690ede739531d41ebea3d07

  • SHA1

    03544033cdd8cf9c911e3bad6095da4256495606

  • SHA256

    a42fcf07a49813ee9169d0c3e69fd3b7dd98a2d3316d9861dcc8de4caa7487cd

  • SHA512

    0155f02751e5dd487e4550ae52fb0d1d4e0a205ae1f250920150bdab495e909ccb47b984645d915b37a4aea8f39bcef5ea50c89d8810fc10e99aac842991a9e9

  • SSDEEP

    12288:IFfumitB/fZhhgDweuBiMkk5i5jcQnmQ9AuchIOixdTVIzUUP1AUnzUSM/:IFWXzePuUMkB5jcsmQ9A5jiPWzZ

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks