General

  • Target

    Attached PO 30745..exe

  • Size

    339KB

  • Sample

    210306-1yvccg95c2

  • MD5

    b9e83e658b49b3bc5b0a29ce2a723178

  • SHA1

    54416740ac2491c4c1a969acc67aaf176ac149b7

  • SHA256

    8ac91a60c2a592357abacbf82b84ecaa4441c302071d04702c722befc7165350

  • SHA512

    95e836093ddb768b06093b3afbb9f99e2a48a41a3177918ee5a28d6993de6e07e04fda46d52897150088c9feb95e6eed28f0ff143c3c19d44ba50d5a9ef0ec79

Score
10/10

Malware Config

Extracted

Family

xloader

C2

http://www.magentos.info/za004/

Decoy

meihebiotech.com

4clicksecurewipe.com

essentially-best.life

real-castings.com

ivetha.com

hczx618.com

1990sinsertcarddatabase.com

testdrive.digital

johanneroussy.com

lyhyzl.com

ajekj.com

mikima.site

tennisfaction.com

fwril.info

hancockinstituteofjazz.info

nespressoonline.com

zeehostonline.com

academychic.com

1nha.com

moneylinetees.online
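The config above is the useful part of this report for defenders: XLoader (like Formbook before it) beacons to the real C2 and to its decoy domains with the same campaign URI path, here `/za004/`, so the decoy hosts only become evidence when they are requested with that path (the decoys are otherwise ordinary domains and a user browsing one is not a hit). The following Python is an added example, not part of the Triage report, that turns the extracted C2 URL and decoy list into a host-to-path IOC table and runs it over a handful of constructed proxy log lines; the log format, the assumption that every decoy gets the C2's path, and the `www.`/bare-host normalisation are mine, not something the report states.

```python
"""Build network IOCs from the extracted XLoader config and match proxy logs.

Added example. Host/path values are copied from the report's Malware Config;
the log format below is constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Copied from the Malware Config section of the report.
C2_URL = "http://www.magentos.info/za004/"
DECOY_DOMAINS = [
    "meihebiotech.com", "4clicksecurewipe.com", "essentially-best.life",
    "real-castings.com", "ivetha.com", "hczx618.com",
    "1990sinsertcarddatabase.com", "testdrive.digital", "johanneroussy.com",
    "lyhyzl.com", "ajekj.com", "mikima.site", "tennisfaction.com",
    "fwril.info", "hancockinstituteofjazz.info", "nespressoonline.com",
    "zeehostonline.com", "academychic.com", "1nha.com", "moneylinetees.online",
]


def bare_host(host: str) -> str:
    """Strip a leading 'www.' so both forms of a host map to one entry."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url: str, decoys: list[str]) -> dict[str, str]:
    """Map every C2/decoy host (with and without 'www.') to the campaign path.

    Assumption (mine): the decoys are requested with the same URI path as the
    real C2, so each decoy inherits the path taken from the C2 URL.
    """
    parts = urlsplit(c2_url)
    path = parts.path                      # "/za004/"
    hosts = {bare_host(parts.hostname)} | {bare_host(d) for d in decoys}
    iocs = {}
    for h in hosts:
        iocs[h] = path
        iocs["www." + h] = path
    return iocs


# Constructed proxy log format: "<timestamp> <client> <METHOD> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>GET|POST) (?P<url>\S+) (?P<status>\d{3})$"
)


def match_log_line(line: str, iocs: dict[str, str], c2_url: str = C2_URL):
    """Return a hit dict if the line requests a config host with the campaign
    path, else None. A config host requested at another path is ignored."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    host = (parts.hostname or "").lower()
    if host not in iocs or not parts.path.startswith(iocs[host]):
        return None
    real = bare_host(urlsplit(c2_url).hostname)
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "host": host,
        "path": parts.path,
        "kind": "c2" if bare_host(host) == real else "decoy",
    }


def scan(lines, iocs: dict[str, str]) -> list[dict]:
    """Run match_log_line over an iterable of log lines, keeping the hits."""
    return [h for h in (match_log_line(l, iocs) for l in lines) if h]


# Constructed sample traffic: one real-C2 beacon, two decoy beacons, one visit
# to a decoy's homepage (no hit), and an unrelated host with the same path.
SAMPLE_LOGS = """\
2021-03-06T12:00:01Z 10.0.0.15 GET http://www.magentos.info/za004/?tG=abc&sql=1 200
2021-03-06T12:00:03Z 10.0.0.15 POST http://www.meihebiotech.com/za004/ 404
2021-03-06T12:00:05Z 10.0.0.15 GET http://www.nespressoonline.com/ 200
2021-03-06T12:00:07Z 10.0.0.22 GET http://example.com/za004/ 200
2021-03-06T12:01:00Z 10.0.0.15 GET http://1nha.com/za004/ 200
"""

if __name__ == "__main__":
    table = build_iocs(C2_URL, DECOY_DOMAINS)
    for hit in scan(SAMPLE_LOGS.splitlines(), table):
        print(f"{hit['ts']} {hit['src']} -> {hit['host']}{hit['path']} [{hit['kind']}]")
```

Matching on host plus path rather than host alone is the point: the decoy domains are real third-party sites, so a bare-domain blocklist built from this config would generate noise, while a request for `/za004/` on any of them is the malware's beacon pattern. A single client hitting several config hosts with that path in a short window is the strongest signal in this data.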

Targets

    • Target

      Attached PO 30745..exe

    • Size

      339KB

    • MD5

      b9e83e658b49b3bc5b0a29ce2a723178

    • SHA1

      54416740ac2491c4c1a969acc67aaf176ac149b7

    • SHA256

      8ac91a60c2a592357abacbf82b84ecaa4441c302071d04702c722befc7165350

    • SHA512

      95e836093ddb768b06093b3afbb9f99e2a48a41a3177918ee5a28d6993de6e07e04fda46d52897150088c9feb95e6eed28f0ff143c3c19d44ba50d5a9ef0ec79

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext (the API used to redirect a thread into injected code, as in process hollowing)

MITRE ATT&CK Matrix

Tasks