General

  • Target

    f41e9f9d_by_Libranalysis

  • Size

    795KB

  • Sample

    210507-f98p2se7qn

  • MD5

    f41e9f9d042abd206603ea79950c89c7

  • SHA1

    22648bdea073d49dfb5851033f86577ed3845cad

  • SHA256

    ea9b2854539d2bb0464d79b5a9ece95585ad1a7321e3241cf2fd1148e268d0dc

  • SHA512

    2d549b219e4d1756aa747ca4aae205c5a05b8995b5a099e9295d390c8083a03bc47b561c423206e53647973b35f1b6b88d2311ee0e9d496d7882639d2083d48f

Score
10/10

Malware Config

  • Extracted

  • Family

    xloader

  • Version

    2.3

  • C2

    http://www.hatchan-nel.com/r7ai/

  • Decoy

    9247ph.com
    themkit.com
    onlineodko.com
    xn--6i0bo5jisluna.com
    omegaclubers.com
    psunix.com
    r2d4.online
    blackexcellenceinhistory.com
    theghostfestival.com
    ruthcarnall.com
    lemeihu.com
    danibooks.store
    bellafutchh.com
    lindonautogroup.com
    getvocall.com
    dajiangzhibo23.com
    spokenpetition.com
    marcosmalonso.com
    nacigrowther.com
    luccacomicsawards.com

Targets

  • Target

    f41e9f9d_by_Libranalysis
  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext
