General

  • Target

    1f36b91cb509815bd462aed405d2afbe26cded0fc48b34c9536e6145e51ff44c.exe

  • Size

    1.0MB

  • Sample

    210420-5j9z5vaalj

  • MD5

    60c6261496fe76453b469c0b6fb3ca60

  • SHA1

    9cc9a33be18df8cbcd44236bdbec14f82f75f92d

  • SHA256

    1f36b91cb509815bd462aed405d2afbe26cded0fc48b34c9536e6145e51ff44c

  • SHA512

    469e66aa44362f032613a888c6fe596b39b6076677012162270f5252b48c5d63cb2084df1910f5ae2ce4d711d413bd46599c1694cc3fcfcb59a65936bf63995b

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.autotrafficbot.com/evpn/

Decoy

memoriesmade-l.com

babypowah.com

usinggroovefunnels.com

qapjv.com

kp031.com

kinfet.com

markmalls.com

keithforemandesigns.com

fydia.com

jesussaysalllivesmatter.com

sarachavesportela.com

standerup.com

monthlywifi.com

productsoffholland.com

newbieadvice.com

globalnetworkautomation.com

theholisticbirthco.com

physicalrobot.com

thesouthernhomesellers.com

teamcounteract.com

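The extracted config above is what a responder actually works from: one real C2 gate and a list of decoy domains that the sample contacts as cover traffic. The Python below is an added example (not part of the sandbox report) that turns that config into a check: it verifies that a file on disk matches the report's hashes, and it runs constructed proxy-log lines against the C2 host and decoy list. Decoy domains are ordinarily legitimate sites, so a decoy hit is only ranked medium when it carries the same gate path as the C2 URL (an assumption about the sample's beaconing pattern, not something the report states) and low otherwise; blocking the decoy list outright would cause false positives. The log format is constructed for the example.

```python
import hashlib
from urllib.parse import urlparse

# Values copied from this report's hashes and extracted config.
REPORT_HASHES = {
    "md5": "60c6261496fe76453b469c0b6fb3ca60",
    "sha1": "9cc9a33be18df8cbcd44236bdbec14f82f75f92d",
    "sha256": "1f36b91cb509815bd462aed405d2afbe26cded0fc48b34c9536e6145e51ff44c",
}
C2_URL = "http://www.autotrafficbot.com/evpn/"
DECOY_DOMAINS = frozenset({
    "memoriesmade-l.com", "babypowah.com", "usinggroovefunnels.com", "qapjv.com",
    "kp031.com", "kinfet.com", "markmalls.com", "keithforemandesigns.com",
    "fydia.com", "jesussaysalllivesmatter.com", "sarachavesportela.com",
    "standerup.com", "monthlywifi.com", "productsoffholland.com",
    "newbieadvice.com", "globalnetworkautomation.com", "theholisticbirthco.com",
    "physicalrobot.com", "thesouthernhomesellers.com", "teamcounteract.com",
})


def verify_sample(data: bytes) -> bool:
    """True only if every digest of `data` matches the report (confirms you hold the same file)."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in REPORT_HASHES.items())


def _registered(host: str) -> str:
    """Normalise a hostname: lowercase, drop trailing dot and a leading 'www.'."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = _registered(urlparse(C2_URL).hostname)  # autotrafficbot.com
C2_PATH = urlparse(C2_URL).path                   # /evpn/


def classify_host(host: str) -> str:
    """'c2' for the real gate host, 'decoy' for a listed cover domain, else 'unrelated'."""
    h = _registered(host)
    if h == C2_HOST:
        return "c2"
    if h in DECOY_DOMAINS:
        return "decoy"
    return "unrelated"


def triage_log(lines):
    """Rank proxy-log lines of the constructed form '<ts> <src_ip> <method> <url> <status>'.

    Returns (severity, kind, host, line) for each line touching the config's hosts.
    Assumption: the sample uses the same gate path against decoys as against the
    real C2, so a decoy hit on that path is 'medium'; a bare decoy hit is 'low'.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than guess
        url = urlparse(parts[3])
        host = url.hostname or ""
        kind = classify_host(host)
        if kind == "c2":
            severity = "high"
        elif kind == "decoy" and url.path == C2_PATH:
            severity = "medium"
        elif kind == "decoy":
            severity = "low"
        else:
            continue
        hits.append((severity, kind, host, line))
    return hits


# Constructed sample log: one C2 beacon, one decoy on the gate path, one plain decoy, one benign.
SAMPLE_LOG = [
    "2021-04-20T10:01:02Z 10.0.0.5 GET http://www.autotrafficbot.com/evpn/ 200",
    "2021-04-20T10:01:03Z 10.0.0.5 GET http://www.babypowah.com/evpn/ 404",
    "2021-04-20T10:01:04Z 10.0.0.5 GET http://kp031.com/ 200",
    "2021-04-20T10:01:05Z 10.0.0.5 GET http://example.org/index.html 200",
]

if __name__ == "__main__":
    for severity, kind, host, _ in triage_log(SAMPLE_LOG):
        print(f"{severity:6} {kind:5} {host}")
```

Run it on a real proxy export by replacing SAMPLE_LOG; only the C2 host is a safe block-list candidate, and a decoy hit should be investigated for the source host rather than blocked at the domain.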
Targets

    • Target

      1f36b91cb509815bd462aed405d2afbe26cded0fc48b34c9536e6145e51ff44c.exe

    • Size

      1.0MB

    • MD5

      60c6261496fe76453b469c0b6fb3ca60

    • SHA1

      9cc9a33be18df8cbcd44236bdbec14f82f75f92d

    • SHA256

      1f36b91cb509815bd462aed405d2afbe26cded0fc48b34c9536e6145e51ff44c

    • SHA512

      469e66aa44362f032613a888c6fe596b39b6076677012162270f5252b48c5d63cb2084df1910f5ae2ce4d711d413bd46599c1694cc3fcfcb59a65936bf63995b

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

      An Xloader payload was identified in the analysed file; the extracted configuration (family, version, C2 and decoy domains) is listed under Malware Config above.

    • Suspicious use of SetThreadContext

      SetThreadContext is flagged because it is commonly used to redirect a thread in another process to injected code (process hollowing), a behaviour consistent with the Formbook/Xloader family.
