Overview

overview

10

Static

static

859a1a6574...82.exe

windows7_x64

10

859a1a6574...82.exe

windows10_x64

10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    24-09-2021 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    859a1a6574e4a09027f729908318b282.exe

  • Size

    421KB

  • MD5

    859a1a6574e4a09027f729908318b282

  • SHA1

    bf7c9e96ca263d7811f7357f8645af42b04c093b

  • SHA256

    d84f2a05198d85dd6f2bf606fe6e24f7ca929cff9796d6b7f269bb8e7cf8b2a7

  • SHA512

    4163390db6bf2d8f66e8575e8d116df222e8d72b97037eca614fdb2d94d8cd686c31eb4593ce1164dfc398fe03a7b3ac97bfee61fc2e3ddb27e566c39cb234ec

Score
10/10
xloaderaruploaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

arup

C2

http://www.sapphiretype.com/arup/

Decoy

mezonpezon.com

bellapbd.com

xn--2kr800ab2z.group

cupecoysuites.com

extractselect.com

cherrycooky.com

reshawna.com

bluewinetours.com

dez2fly.com

washedproductions.com

om-asahi-kasei-jp.com

talkingpoint.tours

avaspacecompany.com

fbtvmall.com

trocaoferta.com

mionegozio.com

reitschuetz.com

basepicks.com

networkagricity.com

kastore.club

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\859a1a6574e4a09027f729908318b282.exe
    "C:\Users\Admin\AppData\Local\Temp\859a1a6574e4a09027f729908318b282.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3592
    • C:\Users\Admin\AppData\Local\Temp\859a1a6574e4a09027f729908318b282.exe
      "C:\Users\Admin\AppData\Local\Temp\859a1a6574e4a09027f729908318b282.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1424-125-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1424-126-0x000000000041D4B0-mapping.dmp
    Download
  • memory/1424-127-0x00000000019B0000-0x0000000001CD0000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/3592-115-0x0000000000D30000-0x0000000000D31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-117-0x00000000059E0000-0x00000000059E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-118-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-119-0x0000000005670000-0x0000000005671000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-120-0x00000000054E0000-0x00000000059DE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3592-121-0x00000000079E0000-0x00000000079E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-122-0x0000000005920000-0x0000000005924000-memory.dmp
    Filesize

    16KB

    Download
  • memory/3592-123-0x0000000007D90000-0x0000000007DEC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/3592-124-0x0000000007DF0000-0x0000000007E1C000-memory.dmp
    Filesize

    176KB

    Download