General

  • Target

    PO7420.exe

  • Size

    670KB

  • Sample

    210915-gs9leshhf9

  • MD5

    02e6d76727a49338165563bfccb66182

  • SHA1

    f1302c87caad5869fdf9c151c0a506cda1b3d5a3

  • SHA256

    98a9431a38a821366e3bf9cc3bbb9a9b44f5820632ac85c5a9f2349e65a507a0

  • SHA512

    605d13c0b75c8cd94ceff9cc3d7cfa317b5b360df62c6a0f93a838558081665b0ef3d7bca5857cf1cf41a5e5f7db745d74d3fe9a6d9b4900da110efbb6749b0e

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c28h

C2

http://www.yourweddingscent.online/c28h/

Decoy

  • xn--osegredodameditao-nqb9e.com
  • blakepleasant.com
  • midnightindulgence.com
  • lungx.com
  • goldenretrieversmn.com
  • thecapshooter.com
  • luxuryledlighting.com
  • coachlind.com
  • jewelryart-byirene.com
  • legacyvending.net
  • staffjet.info
  • geogest.com
  • okmulgeedream.center
  • mexicoifbbproleague.net
  • tomrings.com
  • kidsomia.com
  • learnwithalinguist.com
  • getboardsuited.com
  • aiyuc.com
  • wowmanship.com

Targets

    • Target

      PO7420.exe

    • Size

      670KB

    • MD5

      02e6d76727a49338165563bfccb66182

    • SHA1

      f1302c87caad5869fdf9c151c0a506cda1b3d5a3

    • SHA256

      98a9431a38a821366e3bf9cc3bbb9a9b44f5820632ac85c5a9f2349e65a507a0

    • SHA512

      605d13c0b75c8cd94ceff9cc3d7cfa317b5b360df62c6a0f93a838558081665b0ef3d7bca5857cf1cf41a5e5f7db745d74d3fe9a6d9b4900da110efbb6749b0e

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
