General

  • Target

    0876543123.exe

  • Size

    877KB

  • Sample

    210503-js4hjcgtkx

  • MD5

    24c3633ca4bad6a19c4e8bf886ffb107

  • SHA1

    d560ecb453a735e927fbb7d40f7e3a3500bc1f44

  • SHA256

    095c9312eb908db14dd9d8185b36172f2b3ab24452af632abbffec2a4a61332a

  • SHA512

    b666d26236c76edd479ebbce6be0ae011e76ea4856b2db6cac5c91f56c044b868ff5cdca8c30c16dbb4519ce40e04a003a2f1c23de9ce3e27f4bd1b2dfc794c4

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.hysjs168.com/uv34/

Decoy

lattakia-imbiss.com

helenafinaltouch.com

yogamays.com

habangli.com

embraceblm.com

freeurlsite.com

szxanpet.com

inspirationalsblog.com

calibratefirearms.net

chelseashalza.com

ihdeuruim.com

symbolofsafety.com

albanyhumanesociety.net

exclusiveoffer.bet

888yuntu.com

maraitime.com

caletaexperience.com

dreamlikeliving.com

wolvesmito.club

zbyunjin.com

Targets

    • Target

      0876543123.exe

    • Size

      877KB

    • MD5

      24c3633ca4bad6a19c4e8bf886ffb107

    • SHA1

      d560ecb453a735e927fbb7d40f7e3a3500bc1f44

    • SHA256

      095c9312eb908db14dd9d8185b36172f2b3ab24452af632abbffec2a4a61332a

    • SHA512

      b666d26236c76edd479ebbce6be0ae011e76ea4856b2db6cac5c91f56c044b868ff5cdca8c30c16dbb4519ce40e04a003a2f1c23de9ce3e27f4bd1b2dfc794c4

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks