Overview

overview

10

Static

static

3

fdaa7ea645...18.exe

windows7-x64

10

fdaa7ea645...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdaa7ea645b190b5049db5e11ee65456_JaffaCakes118

  • Size

    688KB

  • Sample

    240420-z4kqjsab43

  • MD5

    fdaa7ea645b190b5049db5e11ee65456

  • SHA1

    c96956ef38e91160217379b008b4534d5c7862c6

  • SHA256

    e94ab3e9bc6dfb0889e82075cbef674de3c160a8d4bbf9b3d596381bebf492af

  • SHA512

    95cb0f1614d065db83e7ac94f9fb3587f02d72118ce2b91e7480eb801b484acca64a388eb1e2c944abdc069698d4e888307c1a2d534bfae1fd903d34a577ef9f

  • SSDEEP

    12288:DeZh7/duQkE35lyl9JTY7lVWrMQ4ZwCFaGZS2m:D8dZ5le87zWoQ4ZlaGZy

Score
10/10
xloadermej0loaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

mej0

Decoy

mtxs8.com

quickskiplondon.com

sltplanner.com

generatedate.com

amsinspections.com

tomrings.com

109friends.com

freelovereading.com

avalapartners.com

nordiqueluxury.com

inmbex.com

everybankatm.com

bo1899.com

ashymeadow.com

pubgm-chickendinner.com

takudolunch.com

carlagremiao.com

actonetheatre.com

wemhealth.com

khasomat.net

Targets

    • Target

      fdaa7ea645b190b5049db5e11ee65456_JaffaCakes118

    • Size

      688KB

    • MD5

      fdaa7ea645b190b5049db5e11ee65456

    • SHA1

      c96956ef38e91160217379b008b4534d5c7862c6

    • SHA256

      e94ab3e9bc6dfb0889e82075cbef674de3c160a8d4bbf9b3d596381bebf492af

    • SHA512

      95cb0f1614d065db83e7ac94f9fb3587f02d72118ce2b91e7480eb801b484acca64a388eb1e2c944abdc069698d4e888307c1a2d534bfae1fd903d34a577ef9f

    • SSDEEP

      12288:DeZh7/duQkE35lyl9JTY7lVWrMQ4ZwCFaGZS2m:D8dZ5le87zWoQ4ZlaGZy

    Score
    10/10
    xloadermej0loaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks