General

  • Target

    grace $.exe

  • Size

    482KB

  • Sample

    210903-d7mtescab2

  • MD5

    beee308b51db0c02f8eeebf7d2773a6d

  • SHA1

    4df5d609ea5b05dfcba4b9e51120a10374f7d450

  • SHA256

    7af335cb2a2646ddadf12f730585a217523da868aaeb12ba621b367c1b942693

  • SHA512

    d0665aa70d1c1116a36c296bc49ec4b474a086d9741d3439f8b0fe4c8f054ae8ab1d5610b4e4e74758c25947054a569e5b897822e2859c8595b00dc69015a63b

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

t75f

C2

http://www.vertexnailsblaine.com/t75f/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks