General

  • Target

    NQBNpLezqZKv1P4.exe

  • Size

    697KB

  • Sample

    210722-mlj8aw97c2

  • MD5

    f03bf8d3ecc2ae4b40f836c59ac09bdf

  • SHA1

    58f48a5a960eac4ee1f33ea16075cfd44f37b3a3

  • SHA256

    2e4cf88a434d484057fcc090cb7de5deb6d30c8e00da339c886f2482f6a7ebe1

  • SHA512

    9d174091b1bfb2e38da7cfb521bd5c6e471edb348e8e1c5cddd3b0784be6cd167617277c099d28927f97a24ee6a4e74d62e659dea23264d3c4ec738e6cee0255

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.extraclass.xyz/4nn8/

Decoy

chamtowon.com

yaaquu.com

thepettybox.com

zrcezzfdfkyjlir.com

finalcutgrowshop.com

856381151.xyz

fbgroupsmadesimple.com

thinktank-texas.com

shoppingsys.com

natezubal.com

skyhighbud.com

toddlely.net

bachelor-boys.com

blogdepr.com

chuanyigou.com

photocouture-show.com

spacetasks.com

kureitall.com

qmcp00033.com

visiodaya.com
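The config above is the usual Xloader/Formbook layout: one real C2 URL (host plus a short campaign path, here /4nn8/) and a list of decoy domains. The decoys are not attacker infrastructure; the bot sends look-alike traffic to them alongside the real C2 to bury the true server in noise, so they belong in a hunting query or an enrichment note, not in a blocklist. The Python below is an added example, not code from the sandbox or the report: it re-hashes a file against the digests listed at the top of this page, splits the extracted config into block-worthy indicators versus context-only decoys, and renders a Suricata rule for the real C2. The file name, the rule's message text and the sid are placeholders chosen here.

```python
"""Triage helper for the Xloader report above (added example, not report code)."""
import hashlib
from urllib.parse import urlparse

# Digests copied from the report's hash fields.
REPORT_HASHES = {
    "md5": "f03bf8d3ecc2ae4b40f836c59ac09bdf",
    "sha1": "58f48a5a960eac4ee1f33ea16075cfd44f37b3a3",
    "sha256": "2e4cf88a434d484057fcc090cb7de5deb6d30c8e00da339c886f2482f6a7ebe1",
    "sha512": "9d174091b1bfb2e38da7cfb521bd5c6e471edb348e8e1c5cddd3b0784be6cd16"
              "7617277c099d28927f97a24ee6a4e74d62e659dea23264d3c4ec738e6cee0255",
}

# Config copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "c2": "http://www.extraclass.xyz/4nn8/",
    "decoy": [
        "chamtowon.com", "yaaquu.com", "thepettybox.com", "zrcezzfdfkyjlir.com",
        "finalcutgrowshop.com", "856381151.xyz", "fbgroupsmadesimple.com",
        "thinktank-texas.com", "shoppingsys.com", "natezubal.com", "skyhighbud.com",
        "toddlely.net", "bachelor-boys.com", "blogdepr.com", "chuanyigou.com",
        "photocouture-show.com", "spacetasks.com", "kureitall.com", "qmcp00033.com",
        "visiodaya.com",
    ],
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest type the report lists, for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same as hash_bytes but streams the file so large samples do not need RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest the report lists agrees with what we computed."""
    return all(digests.get(name, "").lower() == value.lower()
               for name, value in expected.items())


def build_iocs(config: dict) -> list:
    """Split the config into indicators to block, to hunt on, and context-only decoys."""
    c2 = urlparse(config["c2"])
    iocs = [
        {"type": "url", "value": config["c2"], "action": "block"},
        {"type": "domain", "value": c2.hostname, "action": "block"},
        # The campaign path is reused towards the decoys too, so on its own it is
        # a hunting lead, not a block criterion.
        {"type": "uri_path", "value": c2.path, "action": "hunt"},
    ]
    for domain in config["decoy"]:
        # Decoys are third-party domains the bot talks to as cover: never block.
        iocs.append({"type": "domain", "value": domain, "action": "context"})
    return iocs


def suricata_rule(config: dict, sid: int) -> str:
    """Render a Suricata rule that matches host AND path of the real C2 only.

    The sid is a placeholder the caller picks for their local ruleset."""
    c2 = urlparse(config["c2"])
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"{config["family"]} {config["version"]} C2 beacon"; '
        "flow:established,to_server; "
        f'http.host; content:"{c2.hostname}"; '
        f'http.uri; content:"{c2.path}"; '
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    # "sample.bin" is a placeholder path for the file you downloaded.
    try:
        print("hashes match report:", matches_report(hash_file("sample.bin")))
    except FileNotFoundError:
        print("sample.bin not present; skipping hash check")
    for ioc in build_iocs(EXTRACTED_CONFIG):
        print(f'{ioc["action"]:8} {ioc["type"]:9} {ioc["value"]}')
    print(suricata_rule(EXTRACTED_CONFIG, sid=9000001))
```

Run it next to the downloaded sample; a hash mismatch means you are not looking at the file this report describes (a repacked or truncated copy), and the config should then be re-extracted rather than trusted. The Suricata rule keys on host and path together because the path alone also appears in the cover traffic to the decoys.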

Targets

    • Target

      NQBNpLezqZKv1P4.exe

    • Size

      697KB

    • MD5

      f03bf8d3ecc2ae4b40f836c59ac09bdf

    • SHA1

      58f48a5a960eac4ee1f33ea16075cfd44f37b3a3

    • SHA256

      2e4cf88a434d484057fcc090cb7de5deb6d30c8e00da339c886f2482f6a7ebe1

    • SHA512

      9d174091b1bfb2e38da7cfb521bd5c6e471edb348e8e1c5cddd3b0784be6cd167617277c099d28927f97a24ee6a4e74d62e659dea23264d3c4ec738e6cee0255

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer; its extracted config keeps Formbook's layout of one real C2 URL plus a list of decoy domains.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
