General

  • Target

    111.vir

  • Size

    163KB

  • Sample

    211014-g9ykgsgcg9

  • MD5

    a9d2cf93c33422a04bc4cf09b7ec874a

  • SHA1

    60b5b6ff503aba04a3bf9db5e2abd9d2f867e874

  • SHA256

    89886686c26da7dc2ea3d1ea47da68f4f33c3e399d32b3b4abd115eb0c017bd9

  • SHA512

    a272167c5b3678fa720c2e1e88298b4b7e2411f72d189b21887a378ee0ab794d3c28ed8b966e1280ae30785d7042b8c7c978d6f6fd1d9032d8ab208ec6ac6e11

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    g9vg

  • C2

    http://www.supra413.com/g9vg/

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
