General

  • Target

    f977d96c98335083d54f9b9b54fb0cd9_JaffaCakes118

  • Size

    517KB

  • Sample

    240419-ephmeshc5t

  • MD5

    f977d96c98335083d54f9b9b54fb0cd9

  • SHA1

    298da015025154518be5739918956b6b96b91090

  • SHA256

    9c9a99423087bdfd23df04a29984273ba056021ee54e815d2cd85103a9548eff

  • SHA512

    4a339d18aa36a149faecb1d6521008220f33a24177aa27ed4194ff73b57a920ab3b49ec3c2eda787325cad5a554c681fea2cf5603f37e1abaaada82cfc77768d

  • SSDEEP

    6144:7FLHgMkhBmA8L8z14cb5TrJbGAdRkx4wSsOXgMx7Dml3SjK:75SBYgWcJrJBdRkpOXk

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mexq

Decoy

cyebang.com

hcswwsz.com

50003008.com

yfly624.xyz

trungtamhohap.xyz

sotlbb.com

bizhan69.com

brandmty.net

fucibou.xyz

orderinformantmailer.store

nobleminers.com

divinevoid.com

quickappraisal.net

adventuretravelsworld.com

ashainitiativemp.com

ikkbs-a02.com

rd26x.com

goraeda.com

abbastanza.info

andypartridge.photography
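The extracted config above is the report's most actionable content. As an added example that is not part of the sandbox report, the Python below parses this report's key/value layout from a constructed copy of the config fields, checks that each hash field is lowercase hex of the correct length, generates one Suricata `dns.query` alert rule per Decoy domain, and compares arbitrary bytes against the reported hashes (so a retrieved file can be confirmed as this sample before analysis). Caveat for the rules: XLoader/Formbook configs mix the real C2 with decoy domains, and some decoys are ordinarily legitimate sites the bot contacts only to blur its real C2, so treat hits as alerts to triage rather than blocking the whole list. The rule message text, the SID range and the helper names are assumptions.

```python
"""Turn the extracted XLoader config into checkable artifacts.

Added example, not part of the sandbox report: parses the report's
key/value layout from a constructed copy of its fields, validates the
hash fields, emits Suricata DNS alert rules for the decoy list, and
checks arbitrary bytes against the reported hashes.
"""
import hashlib
import re

# Constructed copy of the report fields (one value per line; the blank
# lines the page puts between entries are ignored by the parser).
REPORT = """
MD5
f977d96c98335083d54f9b9b54fb0cd9
SHA1
298da015025154518be5739918956b6b96b91090
SHA256
9c9a99423087bdfd23df04a29984273ba056021ee54e815d2cd85103a9548eff
SHA512
4a339d18aa36a149faecb1d6521008220f33a24177aa27ed4194ff73b57a920ab3b49ec3c2eda787325cad5a554c681fea2cf5603f37e1abaaada82cfc77768d
Family
xloader
Version
2.5
Campaign
mexq
Decoy
cyebang.com
hcswwsz.com
50003008.com
yfly624.xyz
trungtamhohap.xyz
sotlbb.com
bizhan69.com
brandmty.net
fucibou.xyz
orderinformantmailer.store
nobleminers.com
divinevoid.com
quickappraisal.net
adventuretravelsworld.com
ashainitiativemp.com
ikkbs-a02.com
rd26x.com
goraeda.com
abbastanza.info
andypartridge.photography
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
KEYS = set(HASH_LEN) | {"SSDEEP", "Family", "Version", "Campaign", "Decoy"}


def parse_report(text):
    """Map each report key to its value; 'Decoy' keeps the whole domain list."""
    fields, key = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()  # tolerate the page's bullets
        if not line:
            continue
        if line in KEYS:
            key = line
            fields.setdefault(key, [])
        elif key:
            fields[key].append(line)
    return {k: (v if k == "Decoy" else v[0]) for k, v in fields.items() if v}


def validate_hashes(cfg):
    """Names of hash fields that are not lowercase hex of the expected length."""
    return [name for name, n in HASH_LEN.items()
            if name in cfg and not re.fullmatch(rf"[0-9a-f]{{{n}}}", cfg[name])]


def suricata_dns_rules(decoys, campaign="unknown", base_sid=9000001):
    """One Suricata dns.query rule per domain (msg text and SID range are assumptions)."""
    return [
        f'alert dns any any -> any any (msg:"XLoader {campaign} decoy/C2 DNS query {d}"; '
        f'dns.query; content:"{d}"; nocase; endswith; '
        f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(decoys)
    ]


def hash_matches(data, cfg):
    """Names of report hashes the given bytes reproduce (all four for the real sample)."""
    digests = {name: getattr(hashlib, name.lower())(data).hexdigest() for name in HASH_LEN}
    return [name for name, hexdigest in digests.items() if cfg.get(name) == hexdigest]


if __name__ == "__main__":
    cfg = parse_report(REPORT)
    assert not validate_hashes(cfg), "malformed hash in report"
    print("\n".join(suricata_dns_rules(cfg["Decoy"], campaign=cfg["Campaign"])))
```

`hash_matches` returns an empty list for anything but the real sample; run it over a retrieved file's bytes and expect all four names back before trusting that the file is the one this report describes. The `endswith` modifier makes each rule fire on the domain and its subdomains; tighten the content match if a decoy's name is a suffix of an unrelated domain in your environment.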

Targets

    • Target

      f977d96c98335083d54f9b9b54fb0cd9_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext (rewriting another thread's context, as done in process hollowing and similar code injection)

MITRE ATT&CK Matrix

Tasks