General

  • Target

    fba751eff82d2111736684b45044ed38_JaffaCakes118

  • Size

    804KB

  • Sample

    240420-b595tseb6s

  • MD5

    fba751eff82d2111736684b45044ed38

  • SHA1

    b3727dae5024c3e7f4f11d0bde8df103c815f7e9

  • SHA256

    cf7d85d93de196b42c3efb7909e8304a2d053f11cd3ee987d6dbde1468b323f7

  • SHA512

    113385b0224dab09d0f5041d3ff47833de55b07e97c7350bfb4ff2cbf6a9385fe9451ec9ca09a80800df50f212ea7a32063d3a4b36d1b8afbc81d415f3d1ec9e

  • SSDEEP

    12288:4o6U4KPD48QihhdXBg/nB1LBKxTJtypWqZJyu6Vx+791tWPU62iN:4o6UQ8Qi9XAB1WbkZWnxi0U61

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p6nu

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
