Overview

overview

10

Static

static

3

b32efdfbbd...18.exe

windows7-x64

10

b32efdfbbd...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b32efdfbbda064434979296814e8875f_JaffaCakes118

  • Size

    695KB

  • Sample

    240821-mzc4payapp

  • MD5

    b32efdfbbda064434979296814e8875f

  • SHA1

    4426d90b91dea7abf5edb514e62a247987a3d3a8

  • SHA256

    fd43374c3bef6b11ed3bd01e3830cb6c62cab1bdb3ffcf0f3c29de7151513b0a

  • SHA512

    917434772604a3aa88077c1c2abe43748a8e844d0660f4e750ce7e2d8b7fd3c13c2ac70705a05a51b3e55beb46cdc6b893da9fcbd78c916bdd0c54d76e9f6006

  • SSDEEP

    12288:fk4UKHGoWxQoilqaVql2dUYQbLbGABCBHmfsSkzPa+1oyiP+5gh:85iql2bQbLSABCZWsG+ah

Score
10/10
xloaderbw82discoveryloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bw82

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

    • Target

      b32efdfbbda064434979296814e8875f_JaffaCakes118

    • Size

      695KB

    • MD5

      b32efdfbbda064434979296814e8875f

    • SHA1

      4426d90b91dea7abf5edb514e62a247987a3d3a8

    • SHA256

      fd43374c3bef6b11ed3bd01e3830cb6c62cab1bdb3ffcf0f3c29de7151513b0a

    • SHA512

      917434772604a3aa88077c1c2abe43748a8e844d0660f4e750ce7e2d8b7fd3c13c2ac70705a05a51b3e55beb46cdc6b893da9fcbd78c916bdd0c54d76e9f6006

    • SSDEEP

      12288:fk4UKHGoWxQoilqaVql2dUYQbLbGABCBHmfsSkzPa+1oyiP+5gh:85iql2bQbLSABCZWsG+ah

    Score
    10/10
    xloaderbw82discoveryloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks