General

  • Target

    544ece457e19d0f63969651b6a61aa49_JaffaCakes118

  • Size

    416KB

  • Sample

    240518-mw5drsfh25

  • MD5

    544ece457e19d0f63969651b6a61aa49

  • SHA1

    f7564ce804a93ee22d38669a611266eba0449878

  • SHA256

    4761bbde870190a51ffa8598c442af5b834476c02839626eebc85fc21eb94c17

  • SHA512

    0d7ecf3945d798cb577b56e8c5dad906207e484889761e1671a93d1c9b0995897faf8d9058e3e53c4c849a0c019fedf5330317d443ec2d4fbcc7dbac92deb3ea

  • SSDEEP

    12288:zE+nOoXmJLVdEtCDpz3Vw4qOJg8RlKQtSV1Hm:zEJVdEtCDpz3VO4rPKQtSHHm

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

ggb4

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks