xloader | cdbc397f34c7b2bb13f08d7444e5d4eac9f9d1205eaf1b3a720c51ab76767d1e

Analysis

max time kernel
4s
max time network
11s
platform
windows7_x64
resource
win7v20210408
submitted
03-05-2021 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PI_ANTAI_PosMAC_30MT_(20210223-ANT-POSMAC)_BALANCE.exe
Size

298KB
MD5

ebd5af0375f296ad5896edaea4c31cfc
SHA1

78abada0857950b0ff101ff9822ed18c233047d3
SHA256

cdbc397f34c7b2bb13f08d7444e5d4eac9f9d1205eaf1b3a720c51ab76767d1e
SHA512

721095e041024b636b33f506ccd048ee384cf0a2280d0a949d394db0eb48f2cd2a6336fb993ade38c3c5f17448b6dabdc1d63e24c52ce77b8d76fd6c4602d8de

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

http://www.856379977.xyz/e2ci/

Decoy

payee-authorisation-3757.info

saatgaming.com

ryngltd.com

investmentbritish.site

pvsid.com

schuhenmall.com

tc1k.com

laasyaventures.com

xn--m1b3dhzlbde9b5eyap4fzd.com

bestsyst.com

mebauhanhphuc.com

studioachtsamkeit.com

magnoliarealtygranbury.house

joshcimbron.com

igaku.info

bjkhd.com

comfydawg.com

magnoliagroveapartments.com

jewelzbyl.com

qmqpe.com

Signatures

Xloader
Xloader is a rebranded version of Formbook malware.
loader xloader

Xloader Payload 2 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/1824-59-0x0000000000220000-0x0000000000249000-memory.dmp	xloader
behavioral1/memory/1824-60-0x0000000000400000-0x0000000000468000-memory.dmp	xloader

C:\Users\Admin\AppData\Local\Temp\PI_ANTAI_PosMAC_30MT_(20210223-ANT-POSMAC)_BALANCE.exe
"C:\Users\Admin\AppData\Local\Temp\PI_ANTAI_PosMAC_30MT_(20210223-ANT-POSMAC)_BALANCE.exe"
1⤵
PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-59-0x0000000000220000-0x0000000000249000-memory.dmp

Filesize
164KB

Download
memory/1824-60-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download