General

  • Target

    56bb9a9db5f392d8c7614ab4b3537951_JaffaCakes118

  • Size

    390KB

  • Sample

    241018-lprzessemj

  • MD5

    56bb9a9db5f392d8c7614ab4b3537951

  • SHA1

    3e5e31e1f8c37d74369ac09cdb0a1054c4804474

  • SHA256

    ff233af2187a5aee8d3911360eef243367c505348b896473cadb76e077d44646

  • SHA512

    49c12b6d22f9fe9f23f8d5d8eb1b57b3a5d8394aec12a6bc4b54cfd75ae037f6d0801824a534f3355f4a7fc6ff7888616de64e9bb58d2809eb044923ca7b9303

  • SSDEEP

    6144:DKmZVEKtFCy01S1uHWNF72Osooq86PO05GmmW05KZoDdEMm/dYqG/5k5cqvcbfpd:DHZVVFSWuHwyOs2wh5moDd1Y+Y6T

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    n066

  • Decoy

    elsegundonewhaven.com
    miiways.com
    tripledstones.com
    innerworkshop.vision
    kirkgun.com
    vivabienrealty.com
    estudiopedroleon.com
    joannebuyproperty.com
    top3wireless.com
    kureex.com
    theselfieplug.com
    citymobileofficial.com
    latestgrants.com
    atomicstream.com
    campingds.com
    lesphere.com
    kgeorgiades.com
    nicktrigili.com
    whds60w.com
    nutricookinternational.com
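The domain list above is the kind of artifact an analyst turns into a detection. The following is an added example, not part of the sandbox report: it carries the twenty config domains into a small DNS-log scanner that flags queries for any of them (including subdomains, and ignoring case and trailing dots) and groups hits by source host. The log lines are constructed for the example. One caveat worth building in: Xloader/Formbook configs mix a small number of real C2 hosts with decoy domains that are often legitimate sites, so a single hit is weak evidence and blocking the whole list outright can break legitimate traffic; several hits from one host in a short window is the stronger signal.

```python
"""Scan DNS query logs for the domains in the extracted Xloader 2.3 / n066 config.

Added example for this report; not Triage's or the malware author's code.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Domains copied from the "Decoy" list of the extracted config above.
CONFIG_DOMAINS: Set[str] = {
    "elsegundonewhaven.com", "miiways.com", "tripledstones.com",
    "innerworkshop.vision", "kirkgun.com", "vivabienrealty.com",
    "estudiopedroleon.com", "joannebuyproperty.com", "top3wireless.com",
    "kureex.com", "theselfieplug.com", "citymobileofficial.com",
    "latestgrants.com", "atomicstream.com", "campingds.com", "lesphere.com",
    "kgeorgiades.com", "nicktrigili.com", "whds60w.com",
    "nutricookinternational.com",
}

# Constructed resolver-style log lines (timestamp, client, "query", type, qname).
# These are made up for the example and are not from the report.
SAMPLE_DNS_LOG = """\
2024-10-18T11:02:14Z 10.0.0.12 query A www.miiways.com.
2024-10-18T11:02:15Z 10.0.0.12 query A cdn.example.org.
2024-10-18T11:02:16Z 10.0.0.12 query A KIRKGUN.COM
2024-10-18T11:02:17Z 10.0.0.44 query A notkirkgun.com
2024-10-18T11:02:18Z 10.0.0.12 query A whds60w.com
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query\s+\S+\s+(?P<qname>\S+)$")


def normalize(name: str) -> str:
    """Lowercase and drop a trailing dot so 'WWW.Example.COM.' compares cleanly."""
    return name.rstrip(".").lower()


def matching_domain(qname: str, iocs: Set[str]) -> Optional[str]:
    """Return the IOC that qname equals or is a subdomain of, else None.

    Walks label suffixes ('www.miiways.com' -> 'miiways.com') so subdomains
    match, while 'notkirkgun.com' does not match 'kirkgun.com'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(text: str, iocs: Set[str] = CONFIG_DOMAINS) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, queried name, matched IOC) for every hit."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ioc = matching_domain(m["qname"], iocs)
        if ioc:
            hits.append((m["ts"], m["src"], normalize(m["qname"]), ioc))
    return hits


def hits_by_host(hits: List[Tuple[str, str, str, str]]) -> Dict[str, List[str]]:
    """Group matched IOCs per client. Xloader contacts several config domains,
    most of them decoys, so a host touching many of them is the useful signal."""
    grouped: Dict[str, Set[str]] = defaultdict(set)
    for _ts, src, _qname, ioc in hits:
        grouped[src].add(ioc)
    return {src: sorted(iocs) for src, iocs in grouped.items()}


if __name__ == "__main__":
    for src, iocs in hits_by_host(scan_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{src}: {len(iocs)} config domain(s) -> {', '.join(iocs)}")
```

Running it against the constructed log reports host 10.0.0.12 querying three config domains, while 10.0.0.44 (which queried the look-alike notkirkgun.com) is not flagged. Feed real resolver logs in the same five-field shape, or adjust LOG_RE for your resolver's format.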

Targets

    • Target

      bnh.exe

    • Size

      614KB

    • MD5

      c2927f706f2fc5d37767de3f40c8671b

    • SHA1

      457a0cbf5058152f04bcf018534646bbce2b5646

    • SHA256

      1a55fa78a001127ab3e53317fc29487b57343034496594949610a78191156519

    • SHA512

      5c37cba7f9dd2bde172daa6a61a4cd2d1395cb3dd5c8016becb13a5054908b003f416a37016f188d28db8d5e4db9199a0f9983cd52ee1a393d1a23ca75415539

    • SSDEEP

      12288:xMz3Zg6g2zuXCzXDUO03kdwTYDHiwngDa2mYj:xM766g2qSzzRDLnD2m

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext (a Win32 API that redirects a thread's execution; its use from a non-debugger process is a common marker of process hollowing and thread-hijacking injection)

MITRE ATT&CK Enterprise v15

Tasks