General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.36850358.14162.31045

  • Size

    848KB

  • Sample

    210506-3x9nj2r8an

  • MD5

    e2cce68a81438b2ceeea09aadeaddb41

  • SHA1

    5e175d1dcf82318aa059d2c0095c6bdd0c810d49

  • SHA256

    86926685c52fc0eb80f8d256eff2fd0e34b1d4580c5861ec230b90370d68b9fa

  • SHA512

    6771fbbb1f996c49ff66db7ddc83c6caccaa1685a01c83665f2e11b6c1b0946c2c7d76b16150f7ac39400ed66434be0453debbb50bd9b3bc3b91d74ae64f688a

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.montcoimmigrationlawyer.com/uoe8/

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
