Overview

overview

10

Static

static

sa.exe

windows7_x64

10

sa.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sa.exe

  • Size

    841KB

  • Sample

    210506-235j6f91n2

  • MD5

    0aecf41f923bf5cd728a670757af61ed

  • SHA1

    57aba2a76789f270cc3a78903c1cd54ec15d2080

  • SHA256

    c6f11920b2ae7f0255d65e4b04f9944247438ee4d346dc4745f50602df41007b

  • SHA512

    ec827ca487e09e6e74451b0002c9769f882c1a162d0a0f2cfcecf7e6c3b9f2880ff7d25b8114351114a3f8bd6a83383cca183fbe44ea2db353eba10ceba2caf3

Score
10/10
xloaderloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.cats16.com/8u3b/

Decoy

pipienta.com

wisdomfest.net

jenniferreich.com

bigcanoehomesforless.com

kayandbernard.com

offerbuildingsecrets.com

benleefoto.com

contactlesssoftware.tech

statenislandplumbing.info

lifestylemedicineservices.com

blazerplanning.com

fnatic-skins.club

effectivemarketinginc.com

babyshopit.com

2000deal.com

k12paymentcemter.com

spwakd.com

lesreponses.com

abundando.com

hawkspremierfhc.com

Targets

    • Target

      sa.exe

    • Size

      841KB

    • MD5

      0aecf41f923bf5cd728a670757af61ed

    • SHA1

      57aba2a76789f270cc3a78903c1cd54ec15d2080

    • SHA256

      c6f11920b2ae7f0255d65e4b04f9944247438ee4d346dc4745f50602df41007b

    • SHA512

      ec827ca487e09e6e74451b0002c9769f882c1a162d0a0f2cfcecf7e6c3b9f2880ff7d25b8114351114a3f8bd6a83383cca183fbe44ea2db353eba10ceba2caf3

    Score
    10/10
    xloaderloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks