General

  • Target: f85d9eb0cf28a546f016ebce68f9269a_JaffaCakes118
  • Size: 754KB
  • Sample: 240418-t5mnmshg33
  • MD5: f85d9eb0cf28a546f016ebce68f9269a
  • SHA1: 6ed691cc909f17d7c289eec4542a067939877aaf
  • SHA256: 83fb913f2698b853cb1ef1d9bd54bf06c7bd660028f1440d3c080c02ab4b9f1e
  • SHA512: 3c719f6b524d7c2827623ae458e6a405d73229fced90211eab677da4eee936b06c05cade253f32e993dff05334687b64ffa0cc8045fef00b57649dfb92ebdcdd
  • SSDEEP: 12288:vY8iOa950YM/676897lMg5Comh3seWiF9+Q+e6F:/Yw67psg5G3VFdM

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: mej0
  • Decoy:
    mtxs8.com
    quickskiplondon.com
    sltplanner.com
    generatedate.com
    amsinspections.com
    tomrings.com
    109friends.com
    freelovereading.com
    avalapartners.com
    nordiqueluxury.com
    inmbex.com
    everybankatm.com
    bo1899.com
    ashymeadow.com
    pubgm-chickendinner.com
    takudolunch.com
    carlagremiao.com
    actonetheatre.com
    wemhealth.com
    khasomat.net

Targets

    • Target: f85d9eb0cf28a546f016ebce68f9269a_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks