General

  • Target

    f1aeda7230a594789e453f1c79ecb109_JaffaCakes118

  • Size

    647KB

  • Sample

    240922-kseyla1dkr

  • MD5

    f1aeda7230a594789e453f1c79ecb109

  • SHA1

    ccfd3cc26c22d2bd3a7a898f8281d9ad15f16919

  • SHA256

    12cca0f706a412c3b9094a389be002b7afa465adaacefa5f70b1cefe83e33bff

  • SHA512

    b3dd5d5b37b6bfe27e5d768d60157f6a8e4415621330725c42865cb6c59906bb5aa65f09e9b40760b56227f458b4682e34ceafa8f8a77c52c2d8d8e948fd7682

  • SSDEEP

    12288:gC7ri0J3ZetpEYKD1kyVdR0ex86x+Ok6g5vk:gC3dZetpEH4eypOk6gZk

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    gh6n

  • Decoy

    cpschoolsschoology.com
    thestocksforum.com
    pixiewish.com
    sopressd.com
    muktokontha.com
    tiejiabang.net
    fdo.technology
    kuringnl.com
    barbarapastor.com
    21stcenturytrading.com
    digiwarung.com
    canvafynyc.com
    forfaitinghouse.com
    3704368.com
    mymonwero.com
    ponpow.com
    fringe.golf
    heartfeltindonesia.com
    defensivedrivercpc.com
    allaboutgt.com

    XLoader, like Formbook, beacons to a list of decoy domains as well as to its real C2 server, so a single domain from this list is not by itself evidence of the C2. The list is useful for attributing the campaign and for correlating fan-out traffic from one host; it is not a standalone blocklist.
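
As an added example (not part of this sandbox report), the Python script below hunts for the beacon fan-out pattern the decoy list implies: one client requesting the same campaign path on many distinct hosts within a short window. It assumes the beacon URI directory equals the extracted campaign ID (`/gh6n/`, as Formbook/XLoader builds do) and a simple `timestamp client method url` proxy-log format; the log lines and the host `example-c2.invalid` (standing in for the unknown real C2) are constructed.

```python
"""Hunt for XLoader/Formbook decoy fan-out in web-proxy logs.

Added example, not code from the sandbox report. Assumptions:
  * the beacon URI directory equals the extracted campaign ID ("gh6n"),
  * log lines are "timestamp client method url" (constructed format).
"""
from collections import defaultdict
from urllib.parse import urlsplit

CAMPAIGN = "gh6n"  # campaign ID from the extracted config

# Decoy domains from the extracted config.
DECOYS = {
    "cpschoolsschoology.com", "thestocksforum.com", "pixiewish.com",
    "sopressd.com", "muktokontha.com", "tiejiabang.net", "fdo.technology",
    "kuringnl.com", "barbarapastor.com", "21stcenturytrading.com",
    "digiwarung.com", "canvafynyc.com", "forfaitinghouse.com", "3704368.com",
    "mymonwero.com", "ponpow.com", "fringe.golf", "heartfeltindonesia.com",
    "defensivedrivercpc.com", "allaboutgt.com",
}

# Constructed proxy log. 10.0.0.5 shows the fan-out; 10.0.0.7 is benign
# browsing that happens to touch two decoy domains without the campaign path.
SAMPLE_LOG = """\
2024-09-22T10:00:01Z 10.0.0.5 GET http://www.cpschoolsschoology.com/gh6n/?ZZ=abcd&eFgh=1234
2024-09-22T10:00:02Z 10.0.0.5 GET http://www.thestocksforum.com/gh6n/?ZZ=abcd&eFgh=1234
2024-09-22T10:00:03Z 10.0.0.5 GET http://www.pixiewish.com/gh6n/?ZZ=abcd&eFgh=1234
2024-09-22T10:00:04Z 10.0.0.5 GET http://www.example-c2.invalid/gh6n/?ZZ=abcd&eFgh=1234
2024-09-22T10:00:05Z 10.0.0.5 POST http://www.sopressd.com/gh6n/
2024-09-22T10:00:09Z 10.0.0.7 GET http://www.pixiewish.com/
2024-09-22T10:00:10Z 10.0.0.7 GET http://www.fringe.golf/scores/
"""


def parse_line(line):
    """Split one constructed log line into (ts, client, method, host, top-level path dir)."""
    ts, client, method, url = line.split(" ", 3)
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):          # Formbook-style beacons prefix "www."
        host = host[4:]
    path = parts.path.strip("/")
    path_dir = path.split("/")[0] if path else ""
    return ts, client, method, host, path_dir


def find_fanout(log_text, campaign=CAMPAIGN, decoys=DECOYS, min_hosts=3):
    """Return {client: {"decoys": [...], "unknown": [...]}} for every client
    that requested the campaign path on at least min_hosts distinct hosts.
    Hosts not on the decoy list are the real-C2 candidates."""
    hosts_by_client = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, _method, host, path_dir = parse_line(line)
        if path_dir == campaign:
            hosts_by_client[client].add(host)

    findings = {}
    for client, hosts in hosts_by_client.items():
        if len(hosts) >= min_hosts:
            findings[client] = {
                "decoys": sorted(hosts & decoys),
                "unknown": sorted(hosts - decoys),
            }
    return findings


if __name__ == "__main__":
    for client, info in find_fanout(SAMPLE_LOG).items():
        print(client, "decoys:", info["decoys"], "unknown:", info["unknown"])
```

Raising `min_hosts` trades missed short beacon bursts for fewer false positives; in real Formbook/XLoader traffic the fan-out covers far more than three hosts, so a threshold well above the number of decoys a legitimate user might visit is safe.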

Targets

    • Xloader

      Xloader is the rebranded successor of the Formbook malware; the 2.x versions keep Formbook's configuration format, decoy-domain beaconing and process-injection behaviour, which is why the extracted config above carries a Formbook-style campaign ID and decoy list.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's registers, including its instruction pointer. Seen after a process is created suspended and written to, and before that thread is resumed, it is the thread-hijacking (process-hollowing) pattern Formbook and XLoader use to move their payload out of the dropper into a legitimate host process.
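
As an added example (not the sandbox's own signature logic), the Python script below flags that SetThreadContext chain in an API trace: a child created with CREATE_SUSPENDED, memory written into it, its primary thread's context rewritten, then the thread resumed. The `pid api key=value` trace format, the pids and the image names are constructed; a suspended create followed by a plain ResumeThread (what a debugger or installer does) is included to show it is not flagged.

```python
"""Flag CreateProcess(suspended) -> WriteProcessMemory -> SetThreadContext
-> ResumeThread in an API-call trace.

Added example, not code from the sandbox report. The trace format
("<pid> <api> key=value ...") and every line in SAMPLE_TRACE are constructed.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for a suspended primary thread

# Constructed trace. pid 1204 hollows a suspended child; pid 4400 creates a
# suspended child and simply resumes it (benign); pid 3100 does nothing odd.
SAMPLE_TRACE = """\
1204 CreateProcessW image=svchost.exe flags=0x4 child_pid=2312 child_tid=2316
1204 VirtualAllocEx pid=2312 size=0x3a000 protect=0x40
1204 WriteProcessMemory pid=2312 size=0x3a000
1204 SetThreadContext tid=2316
1204 ResumeThread tid=2316
3100 CreateProcessW image=notepad.exe flags=0x0 child_pid=3344 child_tid=3350
3100 WaitForSingleObject handle=0x1c8
4400 CreateProcessW image=setup.exe flags=0x4 child_pid=4412 child_tid=4416
4400 ResumeThread tid=4416
"""


def parse_event(line):
    """Return (pid, api, {key: value}) for one constructed trace line."""
    tokens = line.split()
    pid, api = int(tokens[0]), tokens[1]
    args = dict(kv.split("=", 1) for kv in tokens[2:])
    return pid, api, args


def detect_thread_hijack(trace_text):
    """Return one finding per child process whose primary thread was resumed
    only after the parent wrote into it and rewrote the thread context."""
    children = defaultdict(dict)   # source pid -> {child pid: state}
    tid_owner = {}                 # (source pid, tid) -> child pid
    findings = []

    for line in trace_text.splitlines():
        if not line.strip():
            continue
        pid, api, args = parse_event(line)

        if api.startswith("CreateProcess"):
            flags = int(args.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                child = int(args["child_pid"])
                tid = int(args["child_tid"])
                children[pid][child] = {"image": args.get("image", "?"),
                                        "written": False, "ctx": False}
                tid_owner[(pid, tid)] = child

        elif api == "WriteProcessMemory":
            child = int(args.get("pid", -1))
            if child in children[pid]:
                children[pid][child]["written"] = True

        elif api == "SetThreadContext":
            child = tid_owner.get((pid, int(args.get("tid", -1))))
            # Only count the context rewrite once the parent has written into
            # the child; a context set on an untouched process is not injection.
            if child is not None and children[pid][child]["written"]:
                children[pid][child]["ctx"] = True

        elif api == "ResumeThread":
            child = tid_owner.get((pid, int(args.get("tid", -1))))
            if child is not None and children[pid][child]["ctx"]:
                findings.append({"source_pid": pid, "target_pid": child,
                                 "image": children[pid][child]["image"]})
    return findings


if __name__ == "__main__":
    for f in detect_thread_hijack(SAMPLE_TRACE):
        print(f"pid {f['source_pid']} hijacked {f['image']} (pid {f['target_pid']})")
```

The write-before-context-set ordering is what separates hollowing from the benign suspended-create-then-resume that debuggers, installers and some launchers perform; a detector keyed on SetThreadContext alone would fire on those too.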

MITRE ATT&CK Enterprise v15

Tasks