General

  • Target

    63f7531687c49f04f91555e3aab3aad6.exe

  • Size

    612KB

  • Sample

    210420-jww6118sa2

  • MD5

    63f7531687c49f04f91555e3aab3aad6

  • SHA1

    a717914755b04cf3bd67a4b3a1872d87382d716c

  • SHA256

    75f30f3c9b6e42126a4b1cf4c86a177a1f2784c5cafcb58c6d586cd5f3f67938

  • SHA512

    8af96a927272752f20527b6cec65bc48c8d88a5cbaaa051844bf46d1481f93b31f62c5297f375ff344498002b7a4fd535110f042fd7241c26bcee27510b6ecc8

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.adultpeace.com/p2io/

Decoy

essentiallyourscandles.com

cleanxcare.com

bigplatesmallwallet.com

iotcloud.technology

dmgt4m2g8y2uh.net

malcorinmobiliaria.com

thriveglucose.com

fuhaitongxin.com

magetu.info

pyithuhluttaw.net

myfavbutik.com

xzklrhy.com

anewdistraction.com

mercuryaid.net

thesoulrevitalist.com

swayam-moj.com

liminaltechnology.com

lucytime.com

alfenas.info

carmelodesign.com
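The extracted config is the actionable part of this report: one real C2 URL and a list of decoy domains that the sample contacts alongside it to blur the real server. The following Python script is an added example, not part of the sandbox report; it embeds the C2 and decoy values from the config above, normalizes hostnames (so `adultpeace.com` and `www.adultpeace.com` match), and scans constructed proxy log lines (format `ts client method url status`, an assumption for this example) to tell C2 hits from decoy hits. It also flags an unknown host that receives the configured C2 path (`/p2io/`) as `path-only`, a heuristic worth triaging since Formbook-family samples reuse one path across the domains they beacon to.

```python
"""Match proxy log lines against the Xloader config extracted above.

Added example; C2 URL and decoy domains are copied from the report,
the log lines below are constructed for illustration.
"""
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Values from the extracted config in the report.
C2_URL = "http://www.adultpeace.com/p2io/"
DECOY_DOMAINS = [
    "essentiallyourscandles.com", "cleanxcare.com", "bigplatesmallwallet.com",
    "iotcloud.technology", "dmgt4m2g8y2uh.net", "malcorinmobiliaria.com",
    "thriveglucose.com", "fuhaitongxin.com", "magetu.info", "pyithuhluttaw.net",
    "myfavbutik.com", "xzklrhy.com", "anewdistraction.com", "mercuryaid.net",
    "thesoulrevitalist.com", "swayam-moj.com", "liminaltechnology.com",
    "lucytime.com", "alfenas.info", "carmelodesign.com",
]


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' so that
    www.adultpeace.com and adultpeace.com compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


_c2 = urlparse(C2_URL)
C2_HOST = normalize_host(_c2.hostname or "")
C2_PATH = _c2.path                      # "/p2io/"
DECOY_SET = {normalize_host(d) for d in DECOY_DOMAINS}


def _under_domain(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_url(url: str) -> Optional[str]:
    """Return 'c2', 'decoy', 'path-only' or None for a URL seen in logs."""
    parsed = urlparse(url)
    host = normalize_host(parsed.hostname or "")
    if not host:
        return None
    if _under_domain(host, C2_HOST):
        # Any contact with the real C2 host is a hit; the path is not required.
        return "c2"
    if any(_under_domain(host, d) for d in DECOY_SET):
        return "decoy"
    if parsed.path.startswith(C2_PATH):
        # Heuristic: unknown host receiving the configured beacon path.
        return "path-only"
    return None


# Constructed proxy log lines (not from the report): "ts client method url status"
SAMPLE_LOGS = [
    "2021-04-20T09:15:02Z 10.0.0.17 GET http://www.adultpeace.com/p2io/?id=1 200",
    "2021-04-20T09:15:03Z 10.0.0.17 POST http://www.thriveglucose.com/p2io/ 404",
    "2021-04-20T09:15:04Z 10.0.0.17 GET http://lucytime.com/p2io/ 200",
    "2021-04-20T09:15:05Z 10.0.0.17 GET https://www.example.com/ 200",
    "2021-04-20T09:15:06Z 10.0.0.17 POST http://adultpeace.com/p2io/ 200",
    "2021-04-20T09:15:07Z 10.0.0.17 GET http://unlisted.example/p2io/ 200",
    "malformed line",
]


def scan_logs(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (verdict, client, url) for every line touching a configured host or path."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue                    # skip lines that do not fit the format
        _ts, client, _method, url, _status = parts[:5]
        verdict = classify_url(url)
        if verdict:
            hits.append((verdict, client, url))
    return hits


if __name__ == "__main__":
    for verdict, client, url in scan_logs(SAMPLE_LOGS):
        print(f"{verdict:9} {client} {url}")
```

A `decoy` hit from a host on your network is as strong an indicator of infection as a `c2` hit, because only the infected sample knows to contact those domains; the distinction matters for blocking (block the C2 URL outright, treat decoy domains as likely-legitimate sites that should not be sinkholed).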

Targets

    • Target

      63f7531687c49f04f91555e3aab3aad6.exe

    • Size

      612KB

    • MD5

      63f7531687c49f04f91555e3aab3aad6

    • SHA1

      a717914755b04cf3bd67a4b3a1872d87382d716c

    • SHA256

      75f30f3c9b6e42126a4b1cf4c86a177a1f2784c5cafcb58c6d586cd5f3f67938

    • SHA512

      8af96a927272752f20527b6cec65bc48c8d88a5cbaaa051844bf46d1481f93b31f62c5297f375ff344498002b7a4fd535110f042fd7241c26bcee27510b6ecc8

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of Formbook, an information stealer and loader; the extracted config (one real C2 URL plus a list of decoy domains) is characteristic of the family.

    • Xloader Payload

      The unpacked Xloader payload was identified; the config above is extracted from it.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread; used on a suspended thread it is a common process-injection / process-hollowing primitive.
