General

  • Target: da.exe
  • Size: 875KB
  • Sample: 210511-2ny5nlshzx
  • MD5: 9fdf605ce0358540d48502367e637b0a
  • SHA1: 1416ebf9b0382a8794bb89f5ee947ec668ce7fdb
  • SHA256: df22601db1675ce639bc8efe21534f7371050ae9637f6cdf38bc23ae6c18efdf
  • SHA512: a194aba3f8c20669ff741ccb59ce7b7023123e1e7984d6d6306a9099d78775ba7bdb92691c26b39522ede6f799f34e96d6b14db1e66429bea26077b95e805bf7

Score: 10/10

Malware Config (extracted)

  • Family: xloader
  • Version: 2.3
  • C2: http://www.cats16.com/8u3b/
  • Decoy


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks