General

  • Target

    Inv_7623980.exe

  • Size

    957KB

  • Sample

    210722-ff8w7ybv3e

  • MD5

    ac0aafad021d642a83f0e0e00f925160

  • SHA1

    9a225f4936ef458a3371e7681f942b7733d8eb25

  • SHA256

    81cbdffd1b44ca983180456d058b8eaadf51adbd19600dbbde68be7a4ef09a54

  • SHA512

    07683f8a9d789cc6e29a3ece064df8d9ba8e3d083a13c76cfeb669b75ecbfc0108669c3438a67fb9034a5fb98864680b6298d0c5506046f4d3581b08cb1d1504

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.inverservi.com/m6b5/

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks