Resubmissions

21-10-2021 12:23    211021-pkwctsbbdk    score 10/10

21-10-2021 10:04    211021-l4chaaabd5    score 10/10

General

  • Target

    h.exe

  • Size

    164KB

  • Sample

    211021-l4chaaabd5

  • MD5

    5a1625b4d218701aee2792942873844c

  • SHA1

    7c182f2f42a6e0cfa173b984d7af9825d1d22675

  • SHA256

    521eaf117bcfc62a8ae241f2b625ad3850e686cb11b48b536aa4848f96966d83

  • SHA512

    59a6c529823426576d01ede431c77ec339a1e0622dc5dd8d7dfad7e6d63b7dded3fb19d51e1aa1119bd26fc5485e4dcb166a8dac2ee6f9d2c0e2753b5fcd4657

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

C2

http://www.heser.net/euzn/

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest
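
The config block above contains one C2 URL and twenty decoy domains. Xloader, like Formbook before it, beacons to the decoys as well as to the real server using the same campaign path, so for detection every host in the list is an indicator and the path distinguishes a real beacon from an unrelated visit to a decoy site. The script below is an added example, not part of the sandbox report or the family's own code: it takes the extracted values verbatim, normalizes hostnames (the bot prefixes hosts with "www.", the report lists decoys without it), and matches proxy-log lines against them. The log format and the log lines are constructed for the demonstration and are not from the sample.

```python
"""Turn the Xloader 2.5 config extracted above into network IOCs and
scan proxy-log lines with them.  Added example; config values copied
from the report, log format and log lines constructed for the demo."""
import re
from typing import Optional
from urllib.parse import urlparse

# Values as extracted by the sandbox (copied from the report above).
CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "euzn",
    "c2": "http://www.heser.net/euzn/",
    "decoy": [
        "235296tyc.com", "gold12guide.art", "baibuaherb.com",
        "weberwines.tax", "chezvitoria.com", "aidenb.tech",
        "pitchdeckservice.com", "surgeryforfdf.xyz", "workunvaccinated.com",
        "hrtaro.com", "yourotcs.com", "sonimultispecialityclinic.com",
        "consultantadvisors.com", "pentesting-consulting.com",
        "dantechs.digital", "longshifa.online", "taweilai.net",
        "imyusuke.com", "cashndashfinancial.com", "fasiglimt.quest",
    ],
}

# Constructed proxy-log lines: "<ts> <src-ip> <method> <url> <status>".
# This format is an assumption for the demo, not the sandbox's output.
SAMPLE_LOG = [
    "2021-10-21T12:25:01Z 10.0.0.12 GET http://www.heser.net/euzn/?LM=aGVsbG8 200",
    "2021-10-21T12:25:02Z 10.0.0.12 POST http://www.baibuaherb.com/euzn/ 404",
    "2021-10-21T12:25:03Z 10.0.0.12 GET http://www.example.com/index.html 200",
    "2021-10-21T12:25:04Z 10.0.0.12 GET http://weberwines.tax/other/ 200",
    "not a log line at all",
]

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def _norm_host(host: str) -> str:
    """Lower-case, drop trailing dot and a leading 'www.' so that the
    'www.'-prefixed form the bot requests matches the bare decoy list."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def ioc_hosts(config: dict) -> dict:
    """Map every contact host to its role: the C2 URL's host is 'c2',
    everything in the decoy list is 'decoy'."""
    hosts = {_norm_host(urlparse(config["c2"]).hostname): "c2"}
    for domain in config["decoy"]:
        hosts.setdefault(_norm_host(domain), "decoy")
    return hosts


def classify_url(url: str, config: dict) -> Optional[dict]:
    """Return None for an unrelated URL, otherwise the host, its role and
    whether the request path starts with the campaign path '/euzn/'.
    A host hit without the campaign path may be a benign visit to a decoy;
    a host hit with it is the beacon shape the bot actually produces."""
    parsed = urlparse(url)
    if not parsed.hostname:
        return None
    host = _norm_host(parsed.hostname)
    role = ioc_hosts(config).get(host)
    if role is None:
        return None
    campaign_path = "/" + config["campaign"] + "/"
    return {
        "host": host,
        "role": role,
        "campaign_path": parsed.path.startswith(campaign_path),
    }


def scan_log(lines, config: dict) -> list:
    """Parse each log line, skip malformed ones, and collect IOC hits
    annotated with the source address and HTTP method."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hit = classify_url(m["url"], config)
        if hit is not None:
            hit.update(src=m["src"], method=m["method"])
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, CONFIG):
        print(hit)
```

Blocking or sinkholing only www.heser.net is not enough: the bot keeps cycling through the decoys with the same `/euzn/` path, and the sample's real operator host is only distinguishable from the decoys by the extracted config. Treat a host hit with the campaign path as a confirmed beacon and a host-only hit as something to triage.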

Targets

    • Target

      h.exe

    • Size

      164KB

    • MD5

      5a1625b4d218701aee2792942873844c

    • SHA1

      7c182f2f42a6e0cfa173b984d7af9825d1d22675

    • SHA256

      521eaf117bcfc62a8ae241f2b625ad3850e686cb11b48b536aa4848f96966d83

    • SHA512

      59a6c529823426576d01ede431c77ec339a1e0622dc5dd8d7dfad7e6d63b7dded3fb19d51e1aa1119bd26fc5485e4dcb166a8dac2ee6f9d2c0e2753b5fcd4657

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
