Overview

overview

10

Static

static

0e947ac360...6d.exe

windows7_x64

10

0e947ac360...6d.exe

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    131s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-04-2021 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e947ac360cb2f49dd978d7b4c4f9d6d.exe

  • Size

    5.3MB

  • MD5

    0e947ac360cb2f49dd978d7b4c4f9d6d

  • SHA1

    f3aed046e7375894884411c3a99c9e9c554fa790

  • SHA256

    572e6066888624b7fa82b7bc17bbe0dc05440b4031cc71fc38f4d67a0571799e

  • SHA512

    3954aa22e97b039870ece0053a2ac3e1d8151068f32442116f4bad1f968c22983beaf3f5365623b6e3cbf299dc792c11897997c957c24c1c258c2993eeaf3552

Score
10/10
xloaderloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.kabtex.com/akcs/

Decoy

choshmardokaan.com

joint-care02.xyz

marysclues.net

filereq.com

megazila.online

prendre-soin-de-moi.com

xn--bvs066l.com

depressionreduction.com

buysellglobally.com

assetascension.com

sharmleads.com

jaambet.com

schulverwaltung.digital

incisionnetwork.com

protectalaskasballot.com

hellfrost-wow.com

soakedsaints.com

somebodystory.com

purecraft-hemp.com

wseysfgvc.icu

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
    "C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:708
    • C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
      "C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/708-114-0x00000000009A0000-0x00000000009A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/708-116-0x0000000007DA0000-0x0000000007DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/708-117-0x0000000008340000-0x0000000008341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/708-118-0x0000000007E40000-0x0000000007E41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/708-119-0x0000000007E40000-0x000000000833E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/708-120-0x0000000007D40000-0x0000000007D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/708-121-0x0000000008050000-0x0000000008051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/708-122-0x0000000008840000-0x0000000008841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/708-123-0x00000000080E0000-0x00000000080F3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/708-124-0x0000000008C90000-0x0000000008D08000-memory.dmp

    Filesize

    480KB

    Download

  • memory/708-125-0x0000000005280000-0x00000000052B0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1312-126-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1312-127-0x000000000041D030-mapping.dmp

    Download

  • memory/1312-129-0x0000000001F40000-0x0000000002260000-memory.dmp

    Filesize

    3.1MB

    Download