General

  • Target

    Bank Details.exe

  • Size

    1.1MB

  • Sample

    210420-en1pae1t5j

  • MD5

    bfb651eda6ae35c7faf71897ea5957fe

  • SHA1

    53b0a31eda2c480b1c193a318a69a00a619ff071

  • SHA256

    67ad3d12a1b7bbca0e3f0d809156aaf250cde5ea7e626d32787670e6358a9b85

  • SHA512

    4d5e0ce641ba73eed1132a19726e3843f042effab62c912823c35ffd071cfc4f26c52c8023187c431c83989d1d278fa618a621088d8327b8ed952cc9d2ddace8

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.baseballisland.com/oop8/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
