Overview

overview

10

Static

static

3

scan-0001098.exe

windows7-x64

10

scan-0001098.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fed78acfb8c8a52155a9ef89f41961cc_JaffaCakes118

  • Size

    299KB

  • Sample

    240421-j5fj8afc2t

  • MD5

    fed78acfb8c8a52155a9ef89f41961cc

  • SHA1

    43c4a81fd2bf2e3d9c1276f817db48b0bcfeeff1

  • SHA256

    81150cd9fcc76bee00e9cff833fcef2596dffcf66a5398b4097e49da8d6ad8dc

  • SHA512

    1b25d0490f797e351767762406cd6ac69aaee327857f4a4edfa9c7726c9f33523e0e0deaaa473fa0074fea98cccc2427b4b478359bffa6ad02c7de9a4283760c

  • SSDEEP

    6144:4Uq7k2QUc9xpP9GyeoL3QmOM+1yyxfwfzJJBddAgy4nC5bP:DYQBP9Gd3m21ycfADddAB4nMP

Score
10/10
xloadernoi6loaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

Decoy

yow.today

rkdreamcreations.com

etheriumtech.com

stretchwrench.com

kiddiecruise.com

stickforward.com

videocineproduccion.com

roofinginamerica.com

amarillasnuevomexico.com

armfieldmillerripley.com

macyburn.club

lvbaoshan.com

shopshelponline.com

thebunnybrands.com

newsxplor.com

momunani.com

rebelnqueen.com

tusguitarras.com

nexab2b.com

e3office.express

Targets

    • Target

      scan-0001098.exe

    • Size

      235KB

    • MD5

      24147a6909f47667067a4598f50fdfc4

    • SHA1

      29d9b920365fd2092e2d2f2ebac159882e80cb8c

    • SHA256

      32ece49c018110f307142a5eff7d169e75731b059fbf81ac26f82aab4111b8c8

    • SHA512

      e3ba24bd4fd68dee1ce7a17ece6a92e81ad3b0d9b272612562b5d5c1d101b8ce45c3193be4ffe38c808affab595a7e84eb704675efd7410b3d4513ade84494cd

    • SSDEEP

      6144:Nb8EsldTMwKkBkdES/Qlhbkw7auRZKhnyN:NQEc+9kGXQbbkUP3N

    Score
    10/10
    xloadernoi6loaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks