General

  • Target: 141fc1d81ad38e6a9f6dc9f5fc3555c7_JaffaCakes118
  • Size: 225KB
  • Sample: 241004-t35rfavbrj
  • MD5: 141fc1d81ad38e6a9f6dc9f5fc3555c7
  • SHA1: e2fc240f15b454fdf7fe456a9fabf187eb2fa5cc
  • SHA256: 823cabc43409f1fa02c24c1a453b44b032fe0880953a373e378f8084afafb3d6
  • SHA512: c12074311ff7ff0b53cd2a6e115ddbfb0265c47ba275dae1b089145225fd2b60ceb2e1f0aea1cf36bb56fd74600507766112cc2d0281a013537a14f179b515e5
  • SSDEEP: 6144:JJlF2xhb09adjM8fVcpj4KYhNa1eGz/Tj:tF8hY9oQ8faoba1eGTTj

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: be5t
  • Decoy


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
