General

  • Target: winlog.exe
  • Size: 696KB
  • Sample: 210507-3zsllpbbks
  • MD5: 5d2f26ac6b48725279d98aa87eff8506
  • SHA1: 7ab3874eb9d316a503133367b12d3628e6dbe264
  • SHA256: 06bed76c389db454d5b86a64bf7127a21c013b48d79b3b83511263c424f5cf65
  • SHA512: e81c607ee870bde0e5a84714f1634e19f6959d1f46a4d5ffea2baeba241712ca4f2e2bdf4f6c8794db7b35216ded5d52743b7faac75d3382dd58f88e24294e41

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.zlzntiayc.icu/a6ru/
  • Decoy:
    noseainsight.com
    chateaudedigoine.com
    tezhonda.com
    lowergwyeneddmassage.com
    convenienttext.com
    quickbookaccountingpros.com
    mashburneventcenter.com
    marthabymsfashion.com
    thearcadela.com
    invisiblefingerprint.com
    nikadoo.com
    artsmartclinton.com
    elitetouringinnovations.com
    atualizarapp2020.com
    nideke1.com
    fyj-sh.com
    rufflesales.com
    algemixdelchef.com
    appleoneplus.com
    ryosuketanikawa.com

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
