General

  • Target: SOA.exe
  • Size: 1.1MB
  • Sample: 210827-yjlc8br6na
  • MD5: 7760a3d9ef17a66544149d4564afb06b
  • SHA1: 5778fd582c9eb9d511d522246aba0c3ca6a769bd
  • SHA256: db33772c98a3b201320bf4b88830aa7ec9e2c85797cf4460ab67f8d4d93964f4
  • SHA512: a5b92fa61be0479789566a08c94aa9e6d4f03c5ea17f06215585d031b5c967d97721d7d96ed607a855c1f3a2e6e0ba5b54af8b1e5ba97de40b31179ac99a3912

Score: 10/10

Malware Config (extracted)

  • Family: xloader
  • Version: 2.3
  • Campaign: bp39
  • C2: http://www.piadineriae45.com/bp39/
  • Decoy domains:
    • glembos.com
    • adjud.net
    • beautifyoils.com
    • chilewiki.com
    • duxingzi.com
    • happygromedia.com
    • restpostenboerse.com
    • vowsweddingofficiants.com
    • ladingjiwa.xyz
    • keepmakingefforts-001.com
    • yeniao.net
    • eyildirmaz.com
    • sayanghae.com
    • promoteboost.com
    • lzft.net
    • proudindiacompany.com
    • birchwoodmeridianlink.com
    • mesinionisasi.com
    • wwwrigalinks.com
    • wewearthepants.com

Targets

    • Target: SOA.exe (1.1MB; hashes as listed under General)

    Score: 10/10

    Signatures:
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Blocklisted process makes network request
    • Deletes itself
    • Suspicious use of SetThreadContext
