General

  • Target

    PO#41000055885.exe

  • Size

    614KB

  • Sample

    210408-xptcjdypk6

  • MD5

    1d4e4ee2d0a92c53c7fce63856b1673c

  • SHA1

    a6ba93e1f1a03ce02c061b58df8bbaf2a6a94dcf

  • SHA256

    ff76b56bee6607aa59a49b6b5ef4a27b73ad17df228a1d408ceefc810ac74e9f

  • SHA512

    eef8b617aa67600317202fd4af6f364347aa60ac8c6bbb6308f4e38128e61afcf65b9c1b155f05ded3aecebdf76f9758a2a9c88d80cb8e764343b1197e907cee

Score

10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.walkinginsky.com/s2oc/

Decoy

torbellinodecolores.com

ffdxatgi.xyz

navnneetskhandpura.com

billpollakwritingandediting.com

newbreedonly.com

shopybee.online

greyttzumessen.com

byszj.com

photosth.com

servicestouchonlineinfo.info

ponygirlskate.com

themelaninkloset.com

portovibe.com

stretching-30days.tech

resportly.com

maharashtrasamajbhopal.com

worldofhomekit.com

hindsightmediagroup.com

orchardalley.com

isygram.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
