General

  • Target

    e3fb74ce4008f4d48cefbb730b6885a8.exe

  • Size

    273KB

  • Sample

    210420-dqx7qeqewa

  • MD5

    e3fb74ce4008f4d48cefbb730b6885a8

  • SHA1

    2fc203f6e0cbf366a747a320545f9d3cd247c93a

  • SHA256

    6733d0ce3ad0c63755f82e7c05a815f2420cccd7f7775dd9227732f59e7fafff

  • SHA512

    520dd3aa03a808400196bdc6bab89e5cf55693104a2907f23a056fd9fc9f3f040604ce5fd0778804ff7a86f2a9b05bce2a389f28db8053d50a4a848a65345d12

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.preciousvessel.com/spj6/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks