General

  • Target

    fea8d67890a35c1607a85f708ab3144a_JaffaCakes118

  • Size

    233KB

  • Sample

    240421-haf2tsdf7z

  • MD5

    fea8d67890a35c1607a85f708ab3144a

  • SHA1

    aa6d96204032bcef99b5c24ea91e13ddd1c21c49

  • SHA256

    978dc84bb7f09dde1c5d3adb3b7a28ed7dec8b5a8967c039d4752fda9d93af6c

  • SHA512

    9ebc219c8b3f955d0d3a068628ff62635248a3649741c493f9a9b275e8701674989634e92b50b2f911220f453eb3637f28fa72d868a09011fb526f7dd28dc3bc

  • SSDEEP

    6144:SDS2xEBsywXxY9UjclZsmBZLmaVuAZEKrTNsO9zCI:SDSGssLBY9UjtmBZL8oEcTNsej

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

snaa

Decoy

ivetau.com

jupstudios.com

myvintagespecs.com

nineliveslabs.xyz

linahaljarad.com

itbling.com

bqmmw.com

danmgg.com

savalanxe.com

gasolinestation.info

blankedu.com

virginiacannabislawyer.com

jochichicago.com

herbwarts.com

bigcitygigs.com

gheeduvine.com

underwoodway.net

philosophia-perennis.club

milanodesk.com

myrandr.com
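In Formbook/Xloader configurations the real C2 host is hidden among a list of mostly legitimate decoy domains; the bot beacons to all of them in rotation, so the twenty domains above should be treated as hunting pivots, not as a blocklist. The following example is added here and is not part of the sandbox report: it takes the extracted decoy list and campaign ID and runs a simple detection over constructed proxy log lines. It assumes (as commonly documented for Formbook-family samples, but verify against your own captures) that the beacon URI path begins with the campaign identifier, here `/snaa/`, and it uses a naive two-label "registered domain" rule, so multi-part public suffixes are not handled.

```python
import re
from urllib.parse import urlsplit

# Values copied from the sandbox report above.
CAMPAIGN = "snaa"
DECOY_DOMAINS = {
    "ivetau.com", "jupstudios.com", "myvintagespecs.com", "nineliveslabs.xyz",
    "linahaljarad.com", "itbling.com", "bqmmw.com", "danmgg.com", "savalanxe.com",
    "gasolinestation.info", "blankedu.com", "virginiacannabislawyer.com",
    "jochichicago.com", "herbwarts.com", "bigcitygigs.com", "gheeduvine.com",
    "underwoodway.net", "philosophia-perennis.club", "milanodesk.com", "myrandr.com",
}

# Constructed sample proxy log (not real traffic): "<ts> <src_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2024-04-21T08:00:01Z 10.0.0.5 GET http://www.ivetau.com/snaa/?gD=abc123&Hf4=xyz 200
2024-04-21T08:00:02Z 10.0.0.5 GET http://www.myrandr.com/snaa/?gD=abc123&Hf4=xyz 404
2024-04-21T08:00:03Z 10.0.0.5 POST http://www.bqmmw.com/snaa/ 200
2024-04-21T08:00:04Z 10.0.0.9 GET http://itbling.com/ 200
2024-04-21T08:00:05Z 10.0.0.9 GET https://example.org/snaa/ 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def registered_domain(host):
    # Naive rule (assumption): keep the last two labels, so "www.ivetau.com" -> "ivetau.com".
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify(line):
    """Return a hit dict for a log line that matches the beacon pattern, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, url, status = m.groups()
    u = urlsplit(url)
    dom = registered_domain(u.hostname or "")
    segs = u.path.strip("/").split("/") if u.path.strip("/") else []
    on_decoy = dom in DECOY_DOMAINS
    campaign_path = bool(segs) and segs[0] == CAMPAIGN  # assumed beacon path "/<campaign>/"
    if on_decoy and campaign_path:
        confidence = "high"     # known decoy domain plus the campaign path
    elif campaign_path:
        confidence = "medium"   # campaign path on an unlisted host: possibly the real C2
    elif on_decoy:
        confidence = "low"      # a decoy domain alone is usually legitimate browsing
    else:
        return None
    return {"ts": ts, "src": src, "method": method, "domain": dom,
            "status": status, "confidence": confidence}


def find_beacons(text):
    """Scan every line of a log and return the hits in order."""
    return [h for h in (classify(l) for l in text.splitlines()) if h]


def suspicious_sources(hits, min_domains=2):
    """Sources that sent campaign-path requests to several distinct decoy domains:
    Formbook-family bots rotate through the decoy list, ordinary users do not."""
    per_src = {}
    for h in hits:
        if h["confidence"] == "high":
            per_src.setdefault(h["src"], set()).add(h["domain"])
    return {src for src, doms in per_src.items() if len(doms) >= min_domains}


if __name__ == "__main__":
    hits = find_beacons(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("suspicious sources:", suspicious_sources(hits))
```

Medium-confidence hits deserve attention: the real C2 is not necessarily in the sandbox's decoy list, and a campaign-path request to an unlisted domain is the most likely candidate for it. Low-confidence hits on their own are expected noise from legitimate browsing to the decoy sites.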

Targets

    • Target

      fea8d67890a35c1607a85f708ab3144a_JaffaCakes118

    • Size

      233KB

    • MD5

      fea8d67890a35c1607a85f708ab3144a

    • SHA1

      aa6d96204032bcef99b5c24ea91e13ddd1c21c49

    • SHA256

      978dc84bb7f09dde1c5d3adb3b7a28ed7dec8b5a8967c039d4752fda9d93af6c

    • SHA512

      9ebc219c8b3f955d0d3a068628ff62635248a3649741c493f9a9b275e8701674989634e92b50b2f911220f453eb3637f28fa72d868a09011fb526f7dd28dc3bc

    • SSDEEP

      6144:SDS2xEBsywXxY9UjclZsmBZLmaVuAZEKrTNsO9zCI:SDSGssLBY9UjtmBZL8oEcTNsej

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer, sold as malware-as-a-service. It harvests credentials from browsers and mail clients, logs keystrokes and clipboard contents, and can download and run additional payloads; its configuration hides the real C2 server in a list of decoy domains.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is the usual final step of process hollowing or thread hijacking: the thread's registers are rewritten so that it resumes at injected code. Legitimate software rarely calls it outside debuggers.
