General

  • Target

    K.exe

  • Size

    723KB

  • Sample

    210906-fqvh2saae7

  • MD5

    de5ca69a7939c4a8ce6846463990aa7b

  • SHA1

    358c3f58194ccc713f000e194024b817f6cb5320

  • SHA256

    5bc9d0c8fd02f1c138178b1291378304a653717076f9e12ba4334609dcf7b11c

  • SHA512

    827bb09597d0226e27e2740886993593d7565d1bb5d130ee46bd87c6663f1cb60ac369a3272675fad8c8d8789e3b6aaf822ef13bcdf89cf821830ce795a7f7c6

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

t75f

C2

http://www.vertexnailsblaine.com/t75f/

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
