General

  • Target

    GLqbDRKePPp16Zr.exe

  • Size

    699KB

  • Sample

    210507-3mc9fyvpen

  • MD5

    bbe5641d7a7fbbe17e103522c9ead66c

  • SHA1

    74fef268b5da950ffe194927129c707c37fd7347

  • SHA256

    4c6e43c5746182cb3cf7e928fda456101b27c8c4d277658540912500d4b06239

  • SHA512

    7aa17f1f507cf49067f033b0e95ef456f607c85422bc925a761716d1f60dab8d1525a70ce0acfd73d23289d3bc3255fa51513b7622aaf2278f80dfd6667bd64d

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.swi.tours/bmfb/

Decoy

arizonaparaprofessional.com

squareworld.club

30acresondittman.info

knowthesolution.com

contigo-psicologia.com

and.today

celticjasmine.icu

staysafescotland.com

chicksgogo.com

beconfidentagain.com

bunies3.com

klpj-estate.com

jamarp.net

ortigiarealty.com

buildurbudget.com

kenttreesurgery.com

exportproducers.com

handesanitzer.com

ivanramirez11.com

clairezolkwer.com
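The extracted C2 and decoy list above is the actionable part of this report: a Formbook/Xloader build carries one real C2 and a set of decoy domains it also contacts, so a host that touches any of them is worth a look. As an added example (not part of the sandbox report and not Xloader's own code), the Python below turns that configuration into indicators and runs them over a few constructed proxy log lines. The log format, the client addresses, the unlisted host, and the assumption that the same /bmfb/ path is requested on decoy hosts are all mine, not taken from the report.

```python
from urllib.parse import urlparse

# Indicators copied from the extracted configuration above.
C2_URL = "http://www.swi.tours/bmfb/"
DECOY_DOMAINS = [
    "arizonaparaprofessional.com", "squareworld.club", "30acresondittman.info",
    "knowthesolution.com", "contigo-psicologia.com", "and.today",
    "celticjasmine.icu", "staysafescotland.com", "chicksgogo.com",
    "beconfidentagain.com", "bunies3.com", "klpj-estate.com", "jamarp.net",
    "ortigiarealty.com", "buildurbudget.com", "kenttreesurgery.com",
    "exportproducers.com", "handesanitzer.com", "ivanramirez11.com",
    "clairezolkwer.com",
]

# Constructed proxy log lines for illustration (hypothetical format:
# "<timestamp> <client> <method> <url> <status>"). Not real traffic.
SAMPLE_PROXY_LOG = """\
2021-05-07T13:02:11Z 10.0.4.21 GET http://www.swi.tours/bmfb/ 200
2021-05-07T13:02:12Z 10.0.4.21 GET http://www.knowthesolution.com/bmfb/ 404
2021-05-07T13:02:13Z 10.0.4.21 POST http://www.celticjasmine.icu/bmfb/ 200
2021-05-07T13:02:14Z 10.0.4.21 GET http://www.unlisted-host.example/bmfb/ 200
2021-05-07T13:05:40Z 10.0.4.37 GET https://www.example.org/index.html 200
2021-05-07T13:06:01Z 10.0.4.52 GET http://staysafescotland.com/ 200
"""


def registrable(host):
    """Normalise a host so 'www.swi.tours' and 'swi.tours' hit the same indicator."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(c2_url=C2_URL, decoys=DECOY_DOMAINS):
    """Split the config into the real C2 (host + URI path) and the decoy domain set."""
    parsed = urlparse(c2_url)
    return {
        "c2_host": registrable(parsed.netloc),
        # Assumption: the same URI path is requested on the decoy hosts too,
        # so the path alone is a useful (weaker) indicator on unlisted hosts.
        "c2_path": parsed.path,
        "decoys": {registrable(d) for d in decoys},
    }


def scan_proxy_log(log_text, indicators=None):
    """Return one finding per matching line as (client, host, kind).

    kind is 'c2' for the real C2 host, 'decoy' for a domain from the config's
    decoy list, or 'path' when only the characteristic URI path matched on a
    host the config does not list. Malformed lines are skipped.
    """
    ind = indicators or build_indicators()
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        client, url = parts[1], parts[3]
        parsed = urlparse(url)
        host = registrable(parsed.netloc)
        if host == ind["c2_host"]:
            findings.append((client, host, "c2"))
        elif host in ind["decoys"]:
            findings.append((client, host, "decoy"))
        elif parsed.path == ind["c2_path"]:
            findings.append((client, host, "path"))
    return findings


if __name__ == "__main__":
    for client, host, kind in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client}\t{host}\t{kind}")
```

Contact with a decoy domain is as good a sign of infection as contact with the real C2, because the decoys come from the same embedded list; the 'path' match is the weakest tier and is kept separate so it can be triaged rather than blocked outright.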

Targets

    • Target

      GLqbDRKePPp16Zr.exe

    • Size

      699KB

    • MD5

      bbe5641d7a7fbbe17e103522c9ead66c

    • SHA1

      74fef268b5da950ffe194927129c707c37fd7347

    • SHA256

      4c6e43c5746182cb3cf7e928fda456101b27c8c4d277658540912500d4b06239

    • SHA512

      7aa17f1f507cf49067f033b0e95ef456f607c85422bc925a761716d1f60dab8d1525a70ce0acfd73d23289d3bc3255fa51513b7622aaf2278f80dfd6667bd64d

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer; the extracted configuration (C2 URL plus decoy domain list) follows the Formbook layout.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
