General

  • Target

    5c5a4fd610f0280cdd7974f05f6e9dbd_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241019-ncawgsverr

  • MD5

    5c5a4fd610f0280cdd7974f05f6e9dbd

  • SHA1

    ab1bb4fe48edf3de26ad23ff8e8c7337670e722e

  • SHA256

    0ac18a14f9f6bc187d707c10800aca93298b7ca07bdf43994875ff8d93f6d01b

  • SHA512

    48b26477cba2ec2115be77d7f962078a3d88e1b65a2b6fbdb2f670092b0a1561f5073e883d5bfb56aa8168838ebc238c6a12e449005075c77f5d382ab4b6b7a1

  • SSDEEP

    24576:tsjYgPyn9C/uG4M7yjU4++UQwgzT2fXdvOm:izK9nGb7yjQZgzT2/

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    q4kr

  • Decoy

    realmodapk.com
    hanoharuka.com
    shivalikspiritualproducts.com
    womenshealthclinincagra.com
    racketpark.com
    startuporig.com
    azkachinas.com
    klanblog.com
    linuxradio.tools
    siteoficial-liquida.com
    glsbuyer.com
    bestdeez.com
    teens2cash.com
    valleyviewconstruct.com
    myfortniteskins.com
    cambecare.com
    csec2011.com
    idookap.com
    warmwallsrecords.com
    smartmirror.one

Targets

    • Target

      5c5a4fd610f0280cdd7974f05f6e9dbd_JaffaCakes118

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext