Overview

overview

10

Static

static

ada8b1320a...5a.exe

windows7_x64

10

ada8b1320a...5a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ada8b1320a6f303fbd5c09d3dab2235a.exe

  • Size

    734KB

  • Sample

    210503-3ql7rlps2s

  • MD5

    ada8b1320a6f303fbd5c09d3dab2235a

  • SHA1

    127abb366bfbc70bdb90d0339333b02261eb2140

  • SHA256

    703a9d816bb422e4d2adeee4f7b6df250bf0441004c0939a03e927400420d9b9

  • SHA512

    64e7c304b70911735ad1225d9ad080805f5667b63216308906bb8d8a8463c01dfd1dc43c0b62ebca0c3eab2831d8d17889f4205bfece85e4fc0dfaaca5f98f76

Score
10/10
xloaderloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.ejsuniqueclasses.com/f0sg/

Decoy

deondevemaagua.com

highcolorchem.com

remax-pros-sd.com

smartmotiontrans.com

staltower.com

raiseamerican.com

io-tonix.com

llawenydd.com

minkladieshaircollections.com

ataria.net

roofers-baltimore.com

infinityventura.com

dvdxbase.com

babebrowpen.com

rascontractingllc.com

designingdreamshome.com

groobefunnels.com

americanstatesapparel.com

theketodesserts.com

bend-a-knee.com

Targets

    • Target

      ada8b1320a6f303fbd5c09d3dab2235a.exe

    • Size

      734KB

    • MD5

      ada8b1320a6f303fbd5c09d3dab2235a

    • SHA1

      127abb366bfbc70bdb90d0339333b02261eb2140

    • SHA256

      703a9d816bb422e4d2adeee4f7b6df250bf0441004c0939a03e927400420d9b9

    • SHA512

      64e7c304b70911735ad1225d9ad080805f5667b63216308906bb8d8a8463c01dfd1dc43c0b62ebca0c3eab2831d8d17889f4205bfece85e4fc0dfaaca5f98f76

    Score
    10/10
    xloaderloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks