Overview

overview

10

Static

static

5479c43c_b...is.exe

windows7_x64

10

5479c43c_b...is.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5479c43c_by_Libranalysis

  • Size

    759KB

  • Sample

    210505-55pt3pgs3e

  • MD5

    5479c43c28d4286d39041482778a9c82

  • SHA1

    4accc679c637a8ec24956db8990c4042cc402131

  • SHA256

    8855c73a66320b1d62c22f7af62feb301d13e4b68f4edfba64bf47473ad58c4a

  • SHA512

    a1a8666f43468dcc5569a59f9c31beff715fe185885dd0ec6643b119e2ae533040644a960b7ae1dee08008d05f2ed07d3e3e745abdb8a9751a2f711191eea9dc

Score
10/10
xloaderloaderpersistencerat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.austinenglishtutor.com/ipio/

Decoy

fatiguemanager.co.uk

malignment.com

fashionashton.com

soawstservices.com

gardengarages.com

affirm.digital

savetheboxes.com

stepupjam.net

sassyfurbaby.com

rarecares.institute

hisarsteel.com

thespotifygrowthguide.com

111indianbend.com

kizilaykorkuevi.com

zeegostar.com

scuolateatroarsenale.com

dyaspaar.com

no1jt.com

gain2020live.com

dearhim.com

Targets

    • Target

      5479c43c_by_Libranalysis

    • Size

      759KB

    • MD5

      5479c43c28d4286d39041482778a9c82

    • SHA1

      4accc679c637a8ec24956db8990c4042cc402131

    • SHA256

      8855c73a66320b1d62c22f7af62feb301d13e4b68f4edfba64bf47473ad58c4a

    • SHA512

      a1a8666f43468dcc5569a59f9c31beff715fe185885dd0ec6643b119e2ae533040644a960b7ae1dee08008d05f2ed07d3e3e745abdb8a9751a2f711191eea9dc

    Score
    10/10
    xloaderloaderpersistencerat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks