General

  • Target

    scan-0001098.exe

  • Size

    235KB

  • Sample

    210819-1lx8z71afn

  • MD5

    24147a6909f47667067a4598f50fdfc4

  • SHA1

    29d9b920365fd2092e2d2f2ebac159882e80cb8c

  • SHA256

    32ece49c018110f307142a5eff7d169e75731b059fbf81ac26f82aab4111b8c8

  • SHA512

    e3ba24bd4fd68dee1ce7a17ece6a92e81ad3b0d9b272612562b5d5c1d101b8ce45c3193be4ffe38c808affab595a7e84eb704675efd7410b3d4513ade84494cd

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

C2

http://www.offshoresrilanka.com/noi6/

Decoy

yow.today

rkdreamcreations.com

etheriumtech.com

stretchwrench.com

kiddiecruise.com

stickforward.com

videocineproduccion.com

roofinginamerica.com

amarillasnuevomexico.com

armfieldmillerripley.com

macyburn.club

lvbaoshan.com

shopshelponline.com

thebunnybrands.com

newsxplor.com

momunani.com

rebelnqueen.com

tusguitarras.com

nexab2b.com

e3office.express
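The extracted configuration above gives one C2 URL and a list of decoy domains, the Formbook/Xloader pattern of hiding real check-ins among requests to unrelated legitimate sites. The script below is an added example, not part of the sandbox report, showing how to turn those fields into tiered indicators and run them over proxy log lines. The log lines and their column layout are constructed for the example; the domains, campaign ID and C2 URL are taken from the report. A hit on the configured C2 URL is high confidence, a hit on a decoy domain alone is low confidence because those sites are legitimate and the malware contacts them only as cover, so they should not be blocked on their own.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the report above (XLoader 2.3, campaign "noi6").
C2_URL = "http://www.offshoresrilanka.com/noi6/"
CAMPAIGN = "noi6"
DECOY_DOMAINS = {
    "yow.today", "rkdreamcreations.com", "etheriumtech.com", "stretchwrench.com",
    "kiddiecruise.com", "stickforward.com", "videocineproduccion.com",
    "roofinginamerica.com", "amarillasnuevomexico.com", "armfieldmillerripley.com",
    "macyburn.club", "lvbaoshan.com", "shopshelponline.com", "thebunnybrands.com",
    "newsxplor.com", "momunani.com", "rebelnqueen.com", "tusguitarras.com",
    "nexab2b.com", "e3office.express",
}


def normalise_host(host):
    """Lower-case, drop any port and a leading 'www.' so hostnames compare consistently."""
    host = host.lower().split(":")[0].rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalise_host(urlsplit(C2_URL).hostname)
C2_PATH = urlsplit(C2_URL).path  # "/noi6/"

# Constructed proxy log (not from the report): "timestamp client method url status".
SAMPLE_PROXY_LOG = """\
2021-08-19T10:01:02Z 10.0.0.5 GET http://www.offshoresrilanka.com/noi6/ 200
2021-08-19T10:01:03Z 10.0.0.5 POST http://www.offshoresrilanka.com/noi6/ 200
2021-08-19T10:01:05Z 10.0.0.5 GET http://kiddiecruise.com/noi6/ 404
2021-08-19T10:01:07Z 10.0.0.5 GET http://www.stretchwrench.com/ 200
2021-08-19T10:02:00Z 10.0.0.9 GET http://example.com/index.html 200
2021-08-19T10:02:30Z 10.0.0.9 GET http://benign.example/noi6/ 200
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def classify(url):
    """Return (confidence, reason) for one URL against the extracted config, or (None, '')."""
    parts = urlsplit(url)
    host = normalise_host(parts.hostname or "")
    path = parts.path or "/"
    if host == C2_HOST and path.startswith(C2_PATH):
        return "high", "configured C2 URL"
    if host in DECOY_DOMAINS and path.startswith(f"/{CAMPAIGN}/"):
        return "medium", "decoy domain with campaign path"
    if host in DECOY_DOMAINS:
        return "low", "decoy domain only (legitimate site the malware also contacts)"
    if path.startswith(f"/{CAMPAIGN}/"):
        return "low", "campaign path on a host not in the config"
    return None, ""


def scan_proxy_log(text):
    """Match every parsable log line and return the hits with their confidence tier."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed column layout
        ts, client, method, url, status = m.groups()
        conf, reason = classify(url)
        if conf:
            hits.append({"ts": ts, "client": client, "method": method,
                         "url": url, "confidence": conf, "reason": reason})
    return hits


if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{h['confidence']:6} {h['client']} {h['method']:4} {h['url']}  ({h['reason']})")
```

The host comparison strips the leading "www." because the report lists the C2 with it while the decoys are bare domains; treating the two forms as one name avoids missing check-ins that resolve either way. Campaign-path matches on unknown hosts are reported at low confidence only, since a four-character path is weak evidence by itself.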

Targets

    • Target

      scan-0001098.exe

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer; the extracted configuration above (campaign ID, C2 URL and decoy domain list) follows the Formbook layout.

    • Xloader Payload

    • Deletes itself (removes its own on-disk executable after execution)

    • Suspicious use of SetThreadContext (redirecting a suspended thread's execution, as in process hollowing)
