General

  • Target

    2dde37e2961514ac44ff69b192de2421.exe

  • Size

    1.0MB

  • Sample

    210420-lycmhv54xx

  • MD5

    2dde37e2961514ac44ff69b192de2421

  • SHA1

    d4d39a6072ffe87972d0fa3353e4c4874eab0475

  • SHA256

    18609513507af97f13c81c7e733175ca027c4957f401e61d6654fc2ee7b4cf8c

  • SHA512

    8584177d18e6a5c19706d77535e5201e468b33aa5ca525f022d896a250dbb96d4ee73b04f55f12c8a318f5065b1bb3ae68dacc0d7f0d82240b833afe75085dac

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.adultpeace.com/p2io/

Decoy

essentiallyourscandles.com

cleanxcare.com

bigplatesmallwallet.com

iotcloud.technology

dmgt4m2g8y2uh.net

malcorinmobiliaria.com

thriveglucose.com

fuhaitongxin.com

magetu.info

pyithuhluttaw.net

myfavbutik.com

xzklrhy.com

anewdistraction.com

mercuryaid.net

thesoulrevitalist.com

swayam-moj.com

liminaltechnology.com

lucytime.com

alfenas.info

carmelodesign.com
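The C2 and decoy entries above are the network side of the extracted config. Formbook, and Xloader with it, pads its traffic by sending requests to the decoy hosts as well as the real C2, and the decoys are normally unrelated legitimate sites, so a host-only block list would generate false positives. The following added example (written for this report; it is not code from the sandbox or from the malware) turns the config into IOCs and runs them over a few constructed proxy log lines. It assumes, as a working hypothesis, that the decoy requests carry the same URI path as the real C2 (`/p2io/` here), and uses that path as the discriminator; the log format and the client addresses are invented for the demonstration.

```python
"""
Build network IOCs from the Xloader config extracted above and run them over
HTTP proxy log lines. Added example for this report, not code from the sandbox
or the malware. Log lines and the URI-path assumption are constructed.
"""
from urllib.parse import urlparse

# Copied from the "Extracted" config in this report.
C2_URL = "http://www.adultpeace.com/p2io/"
DECOY_DOMAINS = [
    "essentiallyourscandles.com", "cleanxcare.com", "bigplatesmallwallet.com",
    "iotcloud.technology", "dmgt4m2g8y2uh.net", "malcorinmobiliaria.com",
    "thriveglucose.com", "fuhaitongxin.com", "magetu.info", "pyithuhluttaw.net",
    "myfavbutik.com", "xzklrhy.com", "anewdistraction.com", "mercuryaid.net",
    "thesoulrevitalist.com", "swayam-moj.com", "liminaltechnology.com",
    "lucytime.com", "alfenas.info", "carmelodesign.com",
]


def normalize_host(host):
    """Lower-case a hostname and drop a leading 'www.' so the config's bare
    decoy names match the hosts that actually appear in requests."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url, decoys):
    """Return (C2 URI path, real C2 host, set of decoy hosts)."""
    parsed = urlparse(c2_url)
    return (parsed.path,
            normalize_host(parsed.hostname),
            {normalize_host(d) for d in decoys})


# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
# Line 4 shows a decoy host on an unrelated path (ordinary browsing) and line 5
# the C2 path on an unlisted host; neither should fire.
SAMPLE_LOG = """\
2021-04-20T09:12:01Z 10.0.8.15 GET http://www.cleanxcare.com/p2io/?Fz=abc 404
2021-04-20T09:12:03Z 10.0.8.15 GET http://www.adultpeace.com/p2io/?Fz=abc 200
2021-04-20T09:12:05Z 10.0.8.15 POST http://www.magetu.info/p2io/ 404
2021-04-20T09:12:07Z 10.0.8.15 GET http://www.cleanxcare.com/ 200
2021-04-20T09:12:09Z 10.0.8.20 GET http://example.org/p2io/ 200
"""


def classify_line(line, c2_path, c2_host, decoy_hosts):
    """Classify one proxy log line as 'c2', 'decoy' or None.

    The URI path is the discriminator (assumption: decoy beacons reuse the
    C2 path); the host then tells real C2 from decoy traffic."""
    fields = line.split()
    if len(fields) < 4:
        return None
    url = urlparse(fields[3])
    if url.hostname is None or url.path != c2_path:
        return None
    host = normalize_host(url.hostname)
    if host == c2_host:
        return "c2"
    if host in decoy_hosts:
        return "decoy"
    return None


def scan_log(text, c2_url=C2_URL, decoys=DECOY_DOMAINS):
    """Return [(client, host, kind)] for every line that hits the IOC set."""
    c2_path, c2_host, decoy_hosts = build_iocs(c2_url, decoys)
    hits = []
    for line in text.splitlines():
        kind = classify_line(line, c2_path, c2_host, decoy_hosts)
        if kind:
            fields = line.split()
            host = normalize_host(urlparse(fields[3]).hostname)
            hits.append((fields[1], host, kind))
    return hits


if __name__ == "__main__":
    for client, host, kind in scan_log(SAMPLE_LOG):
        print(f"{kind:5s} {client:12s} {host}")
```

In practice a single 'c2' hit is enough to escalate; a run of 'decoy' hits from one client with no 'c2' hit usually means the real C2 has moved or been filtered, so it is still worth triaging the client rather than blocking the decoy domains, which are someone else's sites.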

Targets

    • Target

      2dde37e2961514ac44ff69b192de2421.exe

    • Size

      1.0MB

    • MD5

      2dde37e2961514ac44ff69b192de2421

    • SHA1

      d4d39a6072ffe87972d0fa3353e4c4874eab0475

    • SHA256

      18609513507af97f13c81c7e733175ca027c4957f401e61d6654fc2ee7b4cf8c

    • SHA512

      8584177d18e6a5c19706d77535e5201e468b33aa5ca525f022d896a250dbb96d4ee73b04f55f12c8a318f5065b1bb3ae68dacc0d7f0d82240b833afe75085dac

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks