General

  • Target

    2ea57e03a2e9da369e190a028d159045_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241009-ldq8rayapf

  • MD5

    2ea57e03a2e9da369e190a028d159045

  • SHA1

    a367485284f0f3399f6f3f8a8649ff27d72271be

  • SHA256

    19b682f4983833b4f3670a22763a06cad7476076ea99a6800e7dbc8732431fd8

  • SHA512

    9367e3b70e9c136ec59d74879332ef5d1a9342588067aa87c41a3b00a5fb188e9676f354070c4bf26b58ca40f43d6db46f18d99de613cd8d5eba673dd753678e

  • SSDEEP

    24576:tggDThVH+3nPxT6f5MBzhfyUTAXVNT2fXdvO9:ugR1+3nPF6m3fulNT2/

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uecu

Decoy


Targets


    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
