General

  • Target

    fe69159c72a9f2ae7cc592a8572c3bbc_JaffaCakes118

  • Size

    232KB

  • Sample

    240421-ev8e2abb41

  • MD5

    fe69159c72a9f2ae7cc592a8572c3bbc

  • SHA1

    fa1096af31c9e6184485b59551dd5446bae348ea

  • SHA256

    d4b50f02cca2034a0feebf0145206aac100f816fba4dc91f8e8138819f46abb9

  • SHA512

    8c87abc5c0c152b53c2d0b27fbf5ff5819d3a5e89d15a836eb4b215b511490dee0b0616b3c4ff467c86c3b6633176ee06f881a6521d9d1df410fe976807676ea

  • SSDEEP

    6144:IpVix5AIws740pKNsFdWfNJDz22aMGnNUz5VF:ldLBKOzqxGNUlVF

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

usvr

Decoy

theblockmeatstore.com

drone-moment.com

srsfashionbd.com

kylayagerartwork.com

instagrams.tools

rosenwealth.com

indicraftsvilla.com

rswizard.com

irist.one

pubgclaimx14.com

thegeorgiahomefinder.com

unusualdog.com

kifayatikart.com

methodunit.net

bavarian-luxury.com

17391000.com

ipcsaveday.com

yael-b.com

pasionqueconecta.com

youngsvideography.com

Targets

    • Target

      fe69159c72a9f2ae7cc592a8572c3bbc_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
