General

  • Target

    e58111afc2078e1a828aa5b911a41a41944c53c8d1c61245e1a4e032133f7148

  • Size

    372KB

  • Sample

    210727-c3tp6jydv2

  • MD5

    2113110c8ab73310ebb20034e9cb91c4

  • SHA1

    ce41363b4b6786f7dc15eb2a655daf8d6f89055c

  • SHA256

    e58111afc2078e1a828aa5b911a41a41944c53c8d1c61245e1a4e032133f7148

  • SHA512

    6c9d8fc1fa68fec0bbfd9e4ea9d2e78f9a612d2f021b3e794ba238aa2a02e7b1dfb57c6a0027383fd995e3a2254702d31b97be381a22db189ab361aa20072997

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • C2

    http://www.bodymoisturizer.online/q4kr/

  • Decoy

    realmodapk.com
    hanoharuka.com
    shivalikspiritualproducts.com
    womenshealthclinincagra.com
    racketpark.com
    startuporig.com
    azkachinas.com
    klanblog.com
    linuxradio.tools
    siteoficial-liquida.com
    glsbuyer.com
    bestdeez.com
    teens2cash.com
    valleyviewconstruct.com
    myfortniteskins.com
    cambecare.com
    csec2011.com
    idookap.com
    warmwallsrecords.com
    smartmirror.one

Targets

    • Target

      PO_S32G01521.exe

    • Size

      450KB

    • MD5

      7c67d687aa9d574fcea531bda2eda1da

    • SHA1

      9ca303e862a7d00d2768abcf83211fceb72e836c

    • SHA256

      44810a90a17a6d1286bdd1862a82c7062371ccece40cbd8e22dce7028e011825

    • SHA512

      55ad7074da83ff222622fad62e2f657d7c888d7ed2398346c9e897ac77d8f5f275513eeb11e82081242fb3c17d7f1eb739e024ff617dd1d0f4ed4d78d8859b6a

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer; its C2 check-in traffic is still matched by the FormBook Suricata signature listed below.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext
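The extracted config above gives one C2 URL and a list of decoy domains. Formbook-family bots beacon to the decoys with the same URI path as the real C2, so every host in the config is worth alerting on, not just the C2. The script below is an added example (not part of the sandbox report and not tooling from the sandbox vendor): it turns the report's C2 and decoy list into an IOC set and runs it over a few constructed proxy-log lines. The log format, the client addresses and the query string are assumptions made for the demo; the domains and path are copied verbatim from the report.

```python
# Added example, not from the sandbox report: turn the extracted Xloader
# config (one C2 URL plus a decoy domain list) into proxy-log matching logic.
import re
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" section.
C2_URL = "http://www.bodymoisturizer.online/q4kr/"
DECOYS = [
    "realmodapk.com", "hanoharuka.com", "shivalikspiritualproducts.com",
    "womenshealthclinincagra.com", "racketpark.com", "startuporig.com",
    "azkachinas.com", "klanblog.com", "linuxradio.tools",
    "siteoficial-liquida.com", "glsbuyer.com", "bestdeez.com",
    "teens2cash.com", "valleyviewconstruct.com", "myfortniteskins.com",
    "cambecare.com", "csec2011.com", "idookap.com", "warmwallsrecords.com",
    "smartmirror.one",
]


def normalise_host(host):
    """Lower-case and drop a leading 'www.' so both spellings match."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def config_to_iocs(c2_url, decoys):
    """Build the IOC set: the C2 URI path and every host the bot may contact.

    Each host is tagged "c2" or "decoy" so a hit can be reported with its role.
    """
    parts = urlsplit(c2_url)
    path = parts.path if parts.path.endswith("/") else parts.path + "/"
    hosts = {normalise_host(parts.hostname): "c2"}
    hosts.update({normalise_host(d): "decoy" for d in decoys})
    return {"path": path, "hosts": hosts}


# Constructed proxy log lines for the demo (not real traffic).
# Format assumed here: timestamp client method url status
SAMPLE_LOG = """\
2021-07-27T12:00:01Z 10.0.0.5 GET http://www.bodymoisturizer.online/q4kr/?x=1 200
2021-07-27T12:00:07Z 10.0.0.5 GET http://realmodapk.com/q4kr/?x=1 404
2021-07-27T12:00:09Z 10.0.0.5 GET http://www.klanblog.com/q4kr/?x=1 404
2021-07-27T12:00:15Z 10.0.0.7 GET https://realmodapk.com/index.html 200
2021-07-27T12:00:20Z 10.0.0.7 GET http://example.invalid/q4kr/?x=1 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def match_log(log_text, iocs):
    """Return (client, host, role) for each GET to a config host on the C2 path.

    Decoy hits are reported as well: the infected client sends the same
    path to the decoys, so a decoy request is as strong an infection signal
    as the real C2. A request to a config host on a different path (normal
    browsing to a legitimate decoy site) is deliberately not a hit.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, method, url, _status = m.groups()
        parts = urlsplit(url)
        if parts.hostname is None:
            continue
        role = iocs["hosts"].get(normalise_host(parts.hostname))
        if role and method == "GET" and parts.path.startswith(iocs["path"]):
            hits.append((client, normalise_host(parts.hostname), role))
    return hits


def infected_clients(hits):
    """Distinct source addresses that produced at least one hit."""
    return sorted({client for client, _host, _role in hits})


if __name__ == "__main__":
    iocs = config_to_iocs(C2_URL, DECOYS)
    for client, host, role in match_log(SAMPLE_LOG, iocs):
        print(f"{client} -> {host} ({role})")
    print("infected clients:", infected_clients(match_log(SAMPLE_LOG, iocs)))
```

Matching on host plus path rather than host alone matters because the decoy domains are ordinary, possibly legitimate sites; the `/q4kr/` path is what ties a request to this configuration, and the HTTP status is ignored because the decoys typically answer with errors while the real C2 answers 200.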

MITRE ATT&CK Matrix

Tasks