General

  • Target: fe9e7a91474537d2adc42fedac11d15d_JaffaCakes118
  • Size: 682KB
  • Sample: 240421-gwcqvsdc6x
  • MD5: fe9e7a91474537d2adc42fedac11d15d
  • SHA1: a934ea98df04f5aea8aba8758a5c9765e90d4788
  • SHA256: 02606ea1698ed1732e81f75e13f1fb67c316053258cf17fc77ca5256e6f2d55c
  • SHA512: 882e108c5958490e210a3898411996c2a3236451bad86296be1d2278899e6142ede9c38a7a212a5034b24cec336e0a542b32d1a8adf8747af98b400aa8f53ea8
  • SSDEEP: 12288:leZhS/oofewB91aMaTGiPpE8c4F/V5ZByHAVX:lhfeqOrckXZByHAV

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: qw2c
  • Decoy domains:
      wasix.net
      arcadems.com
      mostlygucci.com
      sainternationals.com
      shopgatherandbloom.com
      glwengineeringdesign.com
      riversidecottagebray.com
      xn--anibalderedao-7eb3d.com
      certifiedinsults.com
      milestepcapital.com
      globalexchange.pro
      miekewrites.com
      kx897.com
      cesql.com
      squarter.com
      lambcrunchtimes.com
      evoiko.com
      mygrampasgarden.com
      ruhan123.com
      leveleab.com

Targets

    • Target: fe9e7a91474537d2adc42fedac11d15d_JaffaCakes118 (size and hashes as listed under General)
    • Score: 10/10
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks