General

  • Target

    fea794d22d11c7eda7af63545fc5f9ba_JaffaCakes118

  • Size

    303KB

  • Sample

    240421-g8ytvsdf5y

  • MD5

    fea794d22d11c7eda7af63545fc5f9ba

  • SHA1

    7d30f8fa2652c0e36a82fbbf6a5995bdb1d056f9

  • SHA256

    72320946e28ee9117b85cb1a83e5e122c3938e4a79c9be1551595103cb2c311a

  • SHA512

    49d6b9c8b7ca35652a72f949bf4cdf5dc5f595391db052786a6333befde7dbf28afe3dd9fda177135dc90fd45c46c00826f8a936d1458e6d91b6cd146124da55

  • SSDEEP

    6144:UDsmb8RHBESKs3hnD13HIMq/3WdCVdKrL:UD8WSKsBDpaWdCi/

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

att3

Decoy domains (the domain list carried in the config; XLoader/Formbook contacts these alongside its real C2 so that the live server is hidden among legitimate-looking hosts)

oakbridgefundservices.com

fancyforts.com

coisadoce.com

learnfrommymentor.com

digitalgurughana.com

phk0.com

jantiprojeekspertiz.com

xiabyhuc.com

todayonly8.info

pgzapgmn.icu

sistemasarafranco.com

nest-estudio.com

2259.xyz

kenobi.tech

mortgageloansbyjeff.com

thameensa.com

navigators.digital

ecocleanmalta.com

advancedrecyclinginc.com

pmotriz.com
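
Because an XLoader/Formbook sample beacons to the whole list, a single DNS hit on one of these domains is a weak signal (several are ordinary registered sites), while several distinct hits from one host in a short window are a strong one. The following is an added example, not part of the sandbox report: it matches the extracted domain list against DNS-style log lines on label boundaries (so a lookalike such as notkenobi.tech does not match kenobi.tech) and flags hosts that hit at least a threshold number of distinct domains. The log lines and the threshold value are constructed assumptions.

```python
"""Match the extracted XLoader decoy-domain list against DNS query logs.

Added example, not code from the report or from the sandbox vendor.
The domain list is the one extracted above; the log lines, the log
format and the threshold are constructed for illustration.
"""
import re
from collections import defaultdict
from typing import Optional

# Decoy domains exactly as listed in the extracted config above.
DECOY_DOMAINS = """
oakbridgefundservices.com fancyforts.com coisadoce.com learnfrommymentor.com
digitalgurughana.com phk0.com jantiprojeekspertiz.com xiabyhuc.com todayonly8.info
pgzapgmn.icu sistemasarafranco.com nest-estudio.com 2259.xyz kenobi.tech
mortgageloansbyjeff.com thameensa.com navigators.digital ecocleanmalta.com
advancedrecyclinginc.com pmotriz.com
""".split()

# Constructed sample DNS query log (not real telemetry): WS-17 walks the
# list like an infected host would, WS-22 resolves one decoy and one lookalike.
SAMPLE_LOG = """\
2024-04-21T06:58:01Z host=WS-17 qname=www.phk0.com qtype=A
2024-04-21T06:58:02Z host=WS-17 qname=pgzapgmn.icu qtype=A
2024-04-21T06:58:02Z host=WS-17 qname=update.microsoft.com qtype=A
2024-04-21T06:58:03Z host=WS-17 qname=2259.xyz. qtype=A
2024-04-21T06:58:04Z host=WS-22 qname=kenobi.tech qtype=A
2024-04-21T06:58:05Z host=WS-22 qname=notkenobi.tech qtype=A
"""

# Assumed log layout: "... host=<name> qname=<query> ...".
LINE_RE = re.compile(r"host=(?P<host>\S+)\s+qname=(?P<qname>\S+)")


def normalize(domain: str) -> str:
    """Lower-case and drop a trailing dot so FQDN and relative forms compare equal."""
    return domain.strip().rstrip(".").lower()


def matches_ioc(qname: str, iocs=DECOY_DOMAINS) -> Optional[str]:
    """Return the IOC that qname equals or is a subdomain of, else None.

    Comparison is on label boundaries: 'www.phk0.com' matches 'phk0.com',
    'notkenobi.tech' does not match 'kenobi.tech'.
    """
    q = normalize(qname)
    for ioc in iocs:
        d = normalize(ioc)
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_log(text: str, iocs=DECOY_DOMAINS, threshold: int = 3) -> dict:
    """Return {host: sorted distinct IOC hits} for hosts at or above threshold.

    threshold=3 is an assumed tuning value: one hit on a possibly legitimate
    decoy domain is noise, several distinct ones from one host are not.
    """
    hits = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ioc = matches_ioc(m["qname"], iocs)
        if ioc:
            hits[m["host"]].add(ioc)
    return {h: sorted(d) for h, d in hits.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, domains in scan_log(SAMPLE_LOG).items():
        print(f"{host}: {len(domains)} decoy/C2 domains resolved: {', '.join(domains)}")
```

Feed the real query log through scan_log and lower the threshold only with a time window in place; a single match is a lead to pivot on (look for the process, the startup artifact and the injection behaviour listed below), not a verdict by itself.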

Targets

    • Target

      fea794d22d11c7eda7af63545fc5f9ba_JaffaCakes118

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

      The sample was identified as an XLoader payload; the config above was extracted from it.

    • Drops startup file

      Writes a file into a startup location so that it runs again at logon (persistence).

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect execution in another thread, a common step in process hollowing and related injection techniques.
