General

  • Target

    603427541956128137111ebe540b11e5.exe

  • Size

    332KB

  • Sample

    210420-capytz1qqe

  • MD5

    603427541956128137111ebe540b11e5

  • SHA1

    6aea7925d836894e658395db61ba9bb11628c14e

  • SHA256

    852cc855a1aa63d081ebeec5fd688a3c80d50a14d80c760256c4b46208d77b8d

  • SHA512

    c66b2ba1dcc95ec4440f8ed62f98c520ee7fa4dd64fb3233b6f6b5d86576e814b72c8a5539340869f9429a861e36c05dbccc4873f93e6e7e5895738bb5ee5003

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.batiktintaemas.com/goei/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks