Overview

overview

10

Static

static

1bbc9d68da...50.exe

windows7_x64

10

1bbc9d68da...50.exe

windows10_x64

10

Resubmissions

27-09-2021 03:23

210927-dxkw3sfegj 10

20-09-2021 17:56

210920-wh1yvsefh4 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bbc9d68daddfbdb240d292ad00c3a50.exe

  • Size

    778KB

  • Sample

    210927-dxkw3sfegj

  • MD5

    1bbc9d68daddfbdb240d292ad00c3a50

  • SHA1

    5a3a7e4891e4e24c5d3dacd58fcc6b8ccc02cda5

  • SHA256

    f35e37b873cb4bee71eab9a5caa6bc7bcb592d84b7924e83ec00a5c9058eb03b

  • SHA512

    a8350519a5b25b9b9dc09daccea215cf616dfb9cbd2770de9ec11fd91667e32358b6abb22d2f1451c88d3ddaa4e1a847e42dfa834f112fe60240651d330919f5

Score
10/10
xloaderutrfloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

utrf

C2

http://www.xiaohe-jiankang.com/utrf/

Decoy

poppup.store

memoria-helvetica.net

rkx6.com

god-gym.com

ninuweyr.com

icilanaudiere.com

boardabird.com

moorefamilyholdingsllc.com

sakudata.com

vluowqvc.icu

misscakehead.com

studentoflife4life.com

488prospectst.com

jugoon.xyz

privatemortgageinvest.com

leeeg.com

eventoslasperlas.com

azx2.com

pcwebdesign65656.xyz

aura-tic.com

Targets

    • Target

      1bbc9d68daddfbdb240d292ad00c3a50.exe

    • Size

      778KB

    • MD5

      1bbc9d68daddfbdb240d292ad00c3a50

    • SHA1

      5a3a7e4891e4e24c5d3dacd58fcc6b8ccc02cda5

    • SHA256

      f35e37b873cb4bee71eab9a5caa6bc7bcb592d84b7924e83ec00a5c9058eb03b

    • SHA512

      a8350519a5b25b9b9dc09daccea215cf616dfb9cbd2770de9ec11fd91667e32358b6abb22d2f1451c88d3ddaa4e1a847e42dfa834f112fe60240651d330919f5

    Score
    10/10
    xloaderutrfloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks