General

  • Target

    b04beea706ff2014c5eea029904a9845.exe

  • Size

    849KB

  • Sample

    210306-d1bae1rjdx

  • MD5

    b04beea706ff2014c5eea029904a9845

  • SHA1

    d7e1763bb2e9eab82e6a335fcb23f10e04fd7dd5

  • SHA256

    17dad12ff05c404eaa01cd849464c0a631051c8ba3056fe171ebfeb9e16915a8

  • SHA512

    ff83b489687416c48f926d28a623fa040408e3a2dc9019ec75442be1dbcbc66850101bf71ba0f0421862bab264e8c45c41f9bf567fa2f6002e8c00a31fa3ce25

Score
10/10

Malware Config

Extracted

Family

xloader

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com
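The extracted configuration above is the actionable part of this report: Xloader (like Formbook) ships one real C2 plus a list of decoy domains, and the implant appends the same build-specific path (here /bw82/) to every domain it contacts, real or decoy. The Python below is an added example, not part of the sandbox report or its tooling; it turns that configuration into a hunting rule over HTTP proxy logs. It goes slightly beyond the report by also flagging hosts that are not in the config but receive the campaign path, since decoy lists rotate between builds. The log line format and the sample lines are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Configuration as extracted in the report above (real C2 plus decoys).
C2_URL = "http://www.rizrvd.com/bw82/"
DECOY_DOMAINS = [
    "fundamentaliemef.com", "gallerybrows.com", "leadeligey.com",
    "octoberx2.online", "climaxnovels.com", "gdsjgf.com",
    "curateherstories.com", "blacksailus.com", "yjpps.com",
    "gmobilet.com", "fcoins.club", "foreverlive2027.com",
    "healthyfifties.com", "wmarquezy.com", "housebulb.com",
    "thebabyfriendly.com", "primajayaintiperkasa.com",
    "learnplaychess.com", "chrisbubser.digital", "xn--avenr-wsa.com",
]

# Assumed (constructed) proxy log format: "<timestamp> <client-ip> <method> <url>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def strip_www(host):
    """Xloader prefixes 'www.' to the configured domains; compare without it."""
    return host[4:] if host.startswith("www.") else host


def campaign_path(c2_url=C2_URL):
    """The build-specific URI path the implant appends to every domain (here '/bw82/')."""
    return urlparse(c2_url).path


def c2_domain(c2_url=C2_URL):
    """Bare C2 domain from the configured C2 URL (here 'rizrvd.com')."""
    return strip_www(urlparse(c2_url).hostname)


def classify_request(host, path, c2_url=C2_URL, decoys=DECOY_DOMAINS):
    """Return 'c2', 'decoy', 'suspect-path', or None for one HTTP request.

    'suspect-path': host is not in this config but receives the campaign path,
    which is worth review because decoy lists differ between builds.
    """
    if not path.startswith(campaign_path(c2_url)):
        return None
    bare = strip_www(host.lower())
    if bare == c2_domain(c2_url):
        return "c2"
    if bare in decoys:
        return "decoy"
    return "suspect-path"


def hunt(log_lines, c2_url=C2_URL, decoys=DECOY_DOMAINS):
    """Scan proxy log lines; return (timestamp, client, host, verdict) for each hit."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line; ignore rather than crash the sweep
        u = urlparse(m["url"])
        if not u.hostname:
            continue
        verdict = classify_request(u.hostname, u.path, c2_url, decoys)
        if verdict:
            hits.append((m["ts"], m["src"], u.hostname, verdict))
    return hits


# Constructed sample log lines for demonstration (not real traffic).
SAMPLE_LOG = [
    "2021-03-06T10:01:02Z 10.0.0.15 GET http://www.rizrvd.com/bw82/?q=1",
    "2021-03-06T10:01:05Z 10.0.0.15 POST http://www.gallerybrows.com/bw82/",
    "2021-03-06T10:02:10Z 10.0.0.22 GET http://gallerybrows.com/index.html",
    "2021-03-06T10:03:00Z 10.0.0.15 GET http://www.example.com/bw82/",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

A decoy hit from a host is still a strong signal: the implant beacons to decoys with the same traffic shape as to the real C2, so a client that reaches any listed domain under /bw82/ should be treated as infected, not just the one that reached rizrvd.com. The third sample line (a decoy domain without the campaign path) is deliberately not flagged, because those are otherwise legitimate domains that uninfected users may visit.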

Targets

    • Target

      b04beea706ff2014c5eea029904a9845.exe

    • Size

      849KB

    • MD5

      b04beea706ff2014c5eea029904a9845

    • SHA1

      d7e1763bb2e9eab82e6a335fcb23f10e04fd7dd5

    • SHA256

      17dad12ff05c404eaa01cd849464c0a631051c8ba3056fe171ebfeb9e16915a8

    • SHA512

      ff83b489687416c48f926d28a623fa040408e3a2dc9019ec75442be1dbcbc66850101bf71ba0f0421862bab264e8c45c41f9bf567fa2f6002e8c00a31fa3ce25

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
