General

  • Target: PO 56720012359.exe
  • Size: 297KB
  • Sample: 210915-hccgesaaa3
  • MD5: 839c75a88734aaf014ef0c3d77ce9109
  • SHA1: 10d79cb8e51fd30bfff63b2465ba0e111f6dd500
  • SHA256: 1829af596150521350d812c07f81226755d397e4755f649e083cc06de7d6f402
  • SHA512: e6feddaf0616f781a8d9de9fd68e78654c2be2c1e5bff676fc4d78de7ca6f8f6cace5245117d7554c4f50452c6d7d60ab5a62d1f66580ed8707ec835d91cc551

Score
10/10

Malware Config (extracted)

  • Family: xloader
  • Version: 2.3
  • Campaign: b6cu
  • C2: http://www.allfyllofficial.com/b6cu/

Decoy


Targets

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Suspicious use of SetThreadContext
