General

  • Target

    a3eea48c7d0cd1c1ac13ff3bf81ce5ff_JaffaCakes118

  • Size

    616KB

  • Sample

    240613-fwfl3svgnf

  • MD5

    a3eea48c7d0cd1c1ac13ff3bf81ce5ff

  • SHA1

    d69bed5b1751958cb9bb667539a5c6422f2c1492

  • SHA256

    d0834d9c3b1c362289e0905285aeb0b28490cc5eacb5752080c6553c75d4b00b

  • SHA512

    3a1caf398353daea530c674061be1ecba09a4ff1e8cf8aed73527baf4e7dde3f60a788bd7794faa53a770f21dd386b0dd6aa7199d5d0c7707ea102096bf59a4c

  • SSDEEP

    12288:EfkvTYBcDUiRWshAgd2ptNiNZ9c5mbjCQg2WOesJcaC:Kcjdd2m6sGQ5Wraca

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign (identifier that Xloader/Formbook embeds in the beacon URL path)

agwz

Decoy (domains recovered from the configuration; Xloader, like Formbook, beacons to its real C2 and to several of these domains at once, and a number of them are legitimate sites, so use the list for correlation rather than as a blanket blocklist)

organicsifa.com

microlivros.com

kharestudio.com

processautomationsystem.com

359192.com

user-id06783.com

hoopletesonline.com

camrashos.com

xfgyzzm.icu

jjjllcbooking.com

ztouh.info

mynetlfis.info

honeydigi.com

claytelier.com

hbozoom.com

theleftreports.net

drmenelaou.com

ignoringracism.com

querofalardesaude.com

smithysminicharters.com
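The decoy list and campaign ID above only become useful once they are correlated against traffic, since any single one of these domains may be visited legitimately. The following is an added example (not part of the sandbox report or the Xloader sample) that scores proxy log lines two ways: a request to a listed domain whose first URL path segment equals the campaign ID, which is the beacon shape documented for Formbook and assumed here to hold for this Xloader build, and a client that contacts several listed domains within a short window, which is the decoy behaviour itself. The log format and every log line are constructed for the example; the thresholds `window` and `min_domains` are tunable assumptions.

```python
"""Correlate proxy log lines against the Xloader config extracted above.

Added example. The config values are the ones on this page; the log format,
the log lines and the scoring thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Values from the extracted configuration on this page.
CAMPAIGN = "agwz"
DECOY_DOMAINS = {
    "organicsifa.com", "microlivros.com", "kharestudio.com",
    "processautomationsystem.com", "359192.com", "user-id06783.com",
    "hoopletesonline.com", "camrashos.com", "xfgyzzm.icu",
    "jjjllcbooking.com", "ztouh.info", "mynetlfis.info", "honeydigi.com",
    "claytelier.com", "hbozoom.com", "theleftreports.net", "drmenelaou.com",
    "ignoringracism.com", "querofalardesaude.com", "smithysminicharters.com",
}

# Constructed sample proxy log: "<ISO timestamp> <client> <method> <url>".
# These lines are made up for the example and are not from the sandbox run.
SAMPLE_LOG = """\
2024-06-13T09:00:01 10.0.0.5 GET http://www.organicsifa.com/agwz/?Lh=abcd&aXj=ef
2024-06-13T09:00:03 10.0.0.5 GET http://www.microlivros.com/agwz/?Lh=abcd&aXj=ef
2024-06-13T09:00:05 10.0.0.5 POST http://www.359192.com/agwz/
2024-06-13T09:01:10 10.0.0.7 GET http://honeydigi.com/
2024-06-13T09:30:00 10.0.0.7 GET http://claytelier.com/index.html
2024-06-13T09:02:00 10.0.0.9 GET http://example.org/agwz/
"""


def parse_line(line):
    """Split one log line into its fields; hostnames are lower-cased and a
    leading 'www.' is dropped so they compare against the config list."""
    ts, client, method, url = line.split()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "host": host, "path": parts.path}


def campaign_segment(path):
    """First non-empty path segment, e.g. '/agwz/?x=1' -> 'agwz'."""
    segs = [s for s in path.split("/") if s]
    return segs[0] if segs else ""


def correlate(log_text, window=timedelta(minutes=10), min_domains=2):
    """Return per-client findings.

    verdict 'high'   : a listed domain was requested with the campaign ID as
                       the first path segment (beacon shape).
    verdict 'medium' : at least min_domains distinct listed domains were
                       contacted within one window (decoy fan-out).
    verdict 'none'   : neither; a lone hit on a decoy may well be benign.
    """
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_client[event["client"]].append(event)

    findings = {}
    for client, events in by_client.items():
        events.sort(key=lambda e: e["ts"])
        listed = [e for e in events if e["host"] in DECOY_DOMAINS]
        campaign_hits = sum(
            1 for e in listed if campaign_segment(e["path"]) == CAMPAIGN)

        # Largest number of distinct listed domains seen in any window that
        # starts at one of the listed requests (list is already time-sorted).
        max_in_window = 0
        for i, start in enumerate(listed):
            seen = {e["host"] for e in listed[i:]
                    if e["ts"] - start["ts"] <= window}
            max_in_window = max(max_in_window, len(seen))

        if campaign_hits:
            verdict = "high"
        elif max_in_window >= min_domains:
            verdict = "medium"
        else:
            verdict = "none"

        findings[client] = {
            "listed_domains": sorted({e["host"] for e in listed}),
            "campaign_hits": campaign_hits,
            "max_in_window": max_in_window,
            "verdict": verdict,
        }
    return findings


if __name__ == "__main__":
    for client, f in correlate(SAMPLE_LOG).items():
        print(client, f["verdict"], f["listed_domains"], f["campaign_hits"])
```

In the constructed log, 10.0.0.5 is scored high (three listed domains, each with the `/agwz/` path), 10.0.0.7 is not flagged because its two decoy hits are 29 minutes apart, and 10.0.0.9 is not flagged because the campaign path appears on a host that is not in the list. The window and the `min_domains` threshold should be tuned to the real beacon interval observed in the environment.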

Targets

    • Target

      a3eea48c7d0cd1c1ac13ff3bf81ce5ff_JaffaCakes118 (616KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer (form grabber and credential stealer). The configuration shown under Malware Config (version 2.1, campaign agwz, decoy domain list) was extracted from this sample.

    • Xloader payload

      A signature for the unpacked Xloader payload matched.

    • Suspicious use of SetThreadContext

      SetThreadContext was called on another thread, which is how Xloader/Formbook redirects execution in a remote or hollowed process during injection. The API is also used by legitimate debuggers, so this signature corroborates the family match rather than standing on its own.
