General

  • Target

    940fb7ef71682b6110d7c2d37a92f5df

  • Size

    350KB

  • Sample

    211022-k6qx1sccdq

  • MD5

    940fb7ef71682b6110d7c2d37a92f5df

  • SHA1

    f399fbab1d1db9c10294a3cb23d71c33947d286b

  • SHA256

    c87415b188828e354d7f87edc4184c94adb757258e79ab5e1e6e200a8c8df52c

  • SHA512

    f49ea7300c4142bc262cce914d1d34e5185fc1080b162dc2d617082e792fa0222ce366af8453ca8f7bc5a454e6a83c93f0be295cc2d9e436458a5d49c3e6e57f

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bs8f

C2

http://www.rwilogisticsandbrokerage.com/bs8f/

Decoy

vasilnikov.com

parkate.club

pol360.com

handmadequatang.com

consult-set.com

nourkoki.com

theveganfusspot.com

dreamssail.com

pinpinyouqian.xyz

satellitphonestore.com

yotosunny.com

telosaolympics.com

gogetemm.com

yozotnpasumo2.xyz

avantgardemarket.com

glenndcp.com

dirtydriverz.com

avaui.com

anchoredtheblog.com

marianaoliveiraarquitetura.com
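The extracted config above is enough to build first-pass detection. The following Python is an added example, not part of the sandbox report or of any Xloader tooling. It copies the config fields as listed, assumes a constructed squid-style proxy log format (timestamp, client IP, method, URL, status), and normalizes hosts by dropping a leading "www." so decoys match with or without it. It tiers hits on the Formbook/Xloader C2 scheme: only requests to the real C2 host under the campaign path /bs8f/ are high confidence; because the bot also beacons to the decoy domains, a decoy plus the campaign path is a medium-confidence beacon; a bare decoy-domain hit is low confidence, since decoys are commonly legitimate, unrelated sites and blocking them outright will cause false positives.

```python
"""Detection logic built from an extracted Xloader config (added example)."""
import re
from urllib.parse import urlparse

# Config fields copied from the sandbox report above.
CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "bs8f",
    "c2": "http://www.rwilogisticsandbrokerage.com/bs8f/",
    "decoys": [
        "vasilnikov.com", "parkate.club", "pol360.com", "handmadequatang.com",
        "consult-set.com", "nourkoki.com", "theveganfusspot.com", "dreamssail.com",
        "pinpinyouqian.xyz", "satellitphonestore.com", "yotosunny.com",
        "telosaolympics.com", "gogetemm.com", "yozotnpasumo2.xyz",
        "avantgardemarket.com", "glenndcp.com", "dirtydriverz.com", "avaui.com",
        "anchoredtheblog.com", "marianaoliveiraarquitetura.com",
    ],
}


def normalize_host(host):
    """Lower-case and drop a leading 'www.' so decoys match with or without it."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def c2_host(config):
    """Normalized host of the real C2 URL."""
    return normalize_host(urlparse(config["c2"]).hostname)


def campaign_path(config):
    """URL path prefix the bot uses for this campaign, e.g. '/bs8f/'."""
    return "/" + config["campaign"].strip("/") + "/"


def classify(url, config):
    """Tier a URL as 'high', 'medium' or 'low' confidence, or None if unrelated.

    Only the real C2 host under the campaign path is high confidence. Xloader
    also sends beacons to the decoy domains, so a decoy with the campaign path
    is a medium-confidence beacon. A decoy domain alone is low confidence: the
    decoys are usually legitimate sites and produce benign traffic too.
    """
    parsed = urlparse(url)
    host = normalize_host(parsed.hostname)
    path = parsed.path or "/"
    on_campaign_path = path.startswith(campaign_path(config))
    decoys = {normalize_host(d) for d in config["decoys"]}

    if host == c2_host(config):
        if on_campaign_path:
            return ("high", "real C2 host with campaign path")
        return ("medium", "real C2 host, unexpected path")
    if host in decoys:
        if on_campaign_path:
            return ("medium", "decoy domain with campaign path (beacon to decoy)")
        return ("low", "decoy domain only; may be legitimate traffic")
    return None


# Constructed squid-style proxy log lines (not from the report):
# <timestamp> <client ip> <method> <url> <status>
SAMPLE_PROXY_LOG = """\
2021-10-22T10:01:02Z 10.0.0.5 GET http://www.rwilogisticsandbrokerage.com/bs8f/?q8ds=ZGVtbw== 200
2021-10-22T10:01:03Z 10.0.0.5 POST http://www.parkate.club/bs8f/ 404
2021-10-22T10:01:04Z 10.0.0.5 GET http://dreamssail.com/bs8f/?m2kd=YWJjZA== 200
2021-10-22T10:02:10Z 10.0.0.7 GET https://pol360.com/index.html 200
2021-10-22T10:02:11Z 10.0.0.8 GET https://example.org/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan(log_text, config):
    """Return (client, url, tier, reason) for every log line that matches the config."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify(m["url"], config)
        if verdict:
            hits.append((m["client"], m["url"], verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for client, url, tier, reason in scan(SAMPLE_PROXY_LOG, CONFIG):
        print(f"{tier:6} {client:10} {url}  ({reason})")
```

Run against the constructed log, the scan flags 10.0.0.5 three times (one high-confidence beacon to the real C2 and two medium-confidence beacons to decoys under /bs8f/), 10.0.0.7 once at low confidence for an ordinary page on a decoy domain, and ignores the unrelated host. In practice, pivot on the client that produced the high or medium hits rather than on the decoy domains themselves.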

Targets

    • Target

      940fb7ef71682b6110d7c2d37a92f5df

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer and keeps Formbook's C2 scheme: a campaign path on a single real C2 host plus a list of decoy domains that also receive beacons.

    • Xloader Payload
