General

  • Target

    PO#10244.exe

  • Size

    717KB

  • Sample

    210430-fr9e5f72ss

  • MD5

    c4192fc5d072aff733b9c9e3b5d165da

  • SHA1

    2c4e6cae1c3ef562452cc4e6caebd6f5511bc11a

  • SHA256

    a42564801d666f9a210723ee247df72d71d93274e7556920957d5a98b237ab2c

  • SHA512

    c59d51540089ddd00309e328620f11386326c1687a8f2e2318e42f2fbda93d66a0153d5493971ce7eee8f624a61ef52295e729438f1d41289a393ada9f4b3613

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.hysjs168.com/uv34/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks