General

  • Target

    686dc98567009e47eac88e95804b9dde.exe

  • Size

    172KB

  • Sample

    210722-6jp7myk7kx

  • MD5

    686dc98567009e47eac88e95804b9dde

  • SHA1

    5788c30289d12f69d5cf323049d8d3c3a3e73cda

  • SHA256

    11d84c7f9c579c2e58f4acc04d488d5f1c6cc0439609099eabec42444f5ef952

  • SHA512

    1450afd067710a6c2385858a2d4c7a0afeb02516885ec2515de696fc89c18f985097089af39708ba0e8088547f6fcc0a6285136a5175c169be764d9ec40924ce

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.extinctionbrews.com/dy8g/

Decoy

mzyxi-rkah-y.net

okinawarongnho.com

qq66520.com

nimbus.watch

cwdelrio.com

regalshopper.com

avito-payment.life

jorgeporcayo.com

galvinsky.digital

guys-only.com

asmfruits-almacenes.com

boatrace-life04.net

cochez.club

thelastvictor.net

janieleconte.com

ivoirepneus.com

saludflv.info

mydreamtv.net

austinphy.com

cajunseafoodstcloud.com
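The C2 URL and decoy list above are the actionable network IOCs of this sample. The script below is an added example, not part of the sandbox report, that matches them against web-proxy logs. The log format (timestamp, client IP, method, URL, status), the sample log lines and the three-decoy threshold are constructed assumptions for illustration, not values from the report. It rates a hit on the real C2 path as high confidence and a hit on a decoy domain only as a corroborating signal, because XLoader/Formbook deliberately beacons to its decoys alongside the real C2, and decoys are typically unrelated legitimate sites that should not be blocked outright.

```python
"""Match the XLoader network IOCs from this report against web-proxy logs.

Added example, not part of the sandbox report. C2_URL and DECOYS are the
values extracted above; the log format and SAMPLE_LOG are constructed.
"""
from urllib.parse import urlsplit

# IOCs taken from the extracted config in this report.
C2_URL = "http://www.extinctionbrews.com/dy8g/"
DECOYS = {
    "mzyxi-rkah-y.net", "okinawarongnho.com", "qq66520.com", "nimbus.watch",
    "cwdelrio.com", "regalshopper.com", "avito-payment.life", "jorgeporcayo.com",
    "galvinsky.digital", "guys-only.com", "asmfruits-almacenes.com",
    "boatrace-life04.net", "cochez.club", "thelastvictor.net", "janieleconte.com",
    "ivoirepneus.com", "saludflv.info", "mydreamtv.net", "austinphy.com",
    "cajunseafoodstcloud.com",
}

# Assumed heuristic: one infected host cycles through several decoys, so a
# client touching this many distinct decoys is treated as infected even
# without a direct C2 hit. A single decoy hit may be a legitimate visit.
DECOY_THRESHOLD = 3


def host_of(url):
    """Lowercase hostname with any leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


C2_HOST = host_of(C2_URL)
C2_PATH = urlsplit(C2_URL).path


def classify(url):
    """Rate one request URL against the extracted config.

    'c2'      : real C2 host and the URI path from the config (high confidence)
    'c2_host' : same host, different path (the site may be compromised and
                also serve legitimate content, so rate it like a decoy)
    'decoy'   : one of the decoy domains (weak on its own)
    None      : no match
    """
    host = host_of(url)
    if host == C2_HOST:
        return "c2" if urlsplit(url).path.startswith(C2_PATH) else "c2_host"
    if host in DECOYS:
        return "decoy"
    return None


def verdict(entry):
    """Per-client decision from its accumulated hits."""
    if entry["c2_hits"] > 0 or len(entry["suspect_hosts"]) >= DECOY_THRESHOLD:
        return "infected"
    return "review"


def scan(lines):
    """Parse constructed proxy lines ('ts client method url status') and
    return {client: {'c2_hits', 'suspect_hosts', 'verdict'}} for clients
    with at least one match."""
    per_client = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip
        _ts, client, _method, url, _status = fields[:5]
        rating = classify(url)
        if rating is None:
            continue
        entry = per_client.setdefault(client, {"c2_hits": 0, "suspect_hosts": set()})
        if rating == "c2":
            entry["c2_hits"] += 1
        else:
            entry["suspect_hosts"].add(host_of(url))
    for entry in per_client.values():
        entry["verdict"] = verdict(entry)
    return per_client


# Constructed sample log: one infected client, one single decoy visit, one clean client.
SAMPLE_LOG = [
    "2021-07-22T10:15:03Z 10.0.0.5 POST http://www.extinctionbrews.com/dy8g/ 200",
    "2021-07-22T10:15:04Z 10.0.0.5 GET http://www.qq66520.com/dy8g/ 404",
    "2021-07-22T10:15:05Z 10.0.0.5 GET http://nimbus.watch/dy8g/ 200",
    "2021-07-22T10:15:06Z 10.0.0.5 GET http://cwdelrio.com/dy8g/ 403",
    "2021-07-22T10:16:00Z 10.0.0.9 GET http://www.regalshopper.com/ 200",
    "2021-07-22T10:16:30Z 10.0.0.12 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    for client, entry in scan(SAMPLE_LOG).items():
        print(client, entry["verdict"], entry["c2_hits"], sorted(entry["suspect_hosts"]))
```

Because the C2 host itself may be a compromised legitimate site, the full URL path from the config (`/dy8g/`) is what distinguishes beaconing from an ordinary visit; the decoy domains are only useful for corroboration and should go on a watch list, not a block list.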

Targets

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer (rebranded in October 2020, when a macOS variant was added). Its configuration carries one real C2 URL and a list of decoy domains; the bot beacons to the decoys alongside the real C2 to bury it, and the decoys are typically unrelated legitimate sites, so only the C2 URL above is a blockable indicator.

    • Xloader Payload

    • Suspicious use of SetThreadContext (the decrypted payload is started by overwriting a thread's register context in another process, as in process hollowing, MITRE ATT&CK T1055.012, or thread execution hijacking, T1055.003)
