General

  • Target

    PO650.exe

  • Size

    260KB

  • Sample

    210826-fby335hdce

  • MD5

    0f9ed47f1ffe3b1cd242b7872f4ce341

  • SHA1

    37c2b669d727b1aec796644c1f4f884f0ad86944

  • SHA256

    d7abd3634174ad687ef4153f268667361c7177b73871c7dbd296659d918e0d36

  • SHA512

    b739a86c7ba735fe40e7630603519d2383b7615ab5c96780138455496da804e19a3d8b3228afb98403b84cdf9b769b064af899f173dd044bd313b1e32d4a18bf

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c28h

C2

http://www.yourweddingscent.online/c28h/

Decoy

Targets

    • Target

      PO650.exe

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks