General

  • Target

    a81af331102829201d998ae29328d883

  • Size

    433KB

  • Sample

    211102-n5q36scea2

  • MD5

    a81af331102829201d998ae29328d883

  • SHA1

    373ab9f4368f1788347efc21f5178710f71b172b

  • SHA256

    5e7b928b5c0d88553f69aeabc8483a2bafb9f99fe0b22cc6e46d8a578d5fb791

  • SHA512

    43379f42060d17cdad56a11aa211924397174b1224f4cd7d66896e66cdc4ef995d74a36428bead381a260eea745b613285c18394b2e58571bcaeed218abdc995

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sb6n

C2

http://www.best5amazon.com/sb6n/

Decoy

bogosamba.com

inmobiliariapuertalavilla.com

nopressurewellness.com

hairshopamity.com

epicmoments360.com

tutorgpa.com

fucibou.xyz

135631.com

portraydashcam.com

raqsarabia.com

okantis.net

vongquaykimcuongfreefire.online

prodom.online

5537sbishop.info

lisakenneyinc.com

fivetime.xyz

borzv.com

joungla.com

mas-urbano.com

sjczyw.com
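
The extracted configuration above is only useful once it is turned into indicators that can be hunted for. The point a practitioner needs to keep in mind is that Xloader, like Formbook before it, does not contact the C2 alone: it beacons to the decoy domains as well, using the same campaign path (here `/sb6n/`) against all of them, so the real C2 hides inside a burst of look-alike traffic. The Python below is an added example, not part of the sandbox report or the Triage tooling: it builds an indicator set from the config exactly as listed on this page (all twenty decoys plus the C2 host, with a leading `www.` stripped so both forms compare equal) and runs it over a few constructed proxy log lines. The log format (`<timestamp> <client-ip> <method> <url> <status>`), the regular expression that parses it and the sample lines are assumptions for the demonstration.

```python
import re
from urllib.parse import urlsplit

# Extracted configuration as listed in the report (family xloader, version 2.5,
# campaign sb6n). The C2 URL and decoy list are copied from the page verbatim.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "sb6n",
    "c2": "http://www.best5amazon.com/sb6n/",
    "decoy": [
        "bogosamba.com", "inmobiliariapuertalavilla.com", "nopressurewellness.com",
        "hairshopamity.com", "epicmoments360.com", "tutorgpa.com", "fucibou.xyz",
        "135631.com", "portraydashcam.com", "raqsarabia.com", "okantis.net",
        "vongquaykimcuongfreefire.online", "prodom.online", "5537sbishop.info",
        "lisakenneyinc.com", "fivetime.xyz", "borzv.com", "joungla.com",
        "mas-urbano.com", "sjczyw.com",
    ],
}


def normalize_host(host):
    """Lower-case a hostname, drop a trailing dot and a leading "www." so the
    host in the C2 URL and the bare decoy entries compare on the same form."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(config):
    """Derive hunting indicators from the extracted config.

    Xloader beacons to every decoy domain as well as to the real C2, using the
    same campaign path against all of them, so the domain set must include the
    decoys and the path is an indicator in its own right.
    """
    c2_host = normalize_host(urlsplit(config["c2"]).hostname)
    domains = {c2_host} | {normalize_host(d) for d in config["decoy"]}
    campaign_path = "/" + config["campaign"].strip("/") + "/"
    return {"c2_host": c2_host, "domains": domains, "campaign_path": campaign_path}


# Assumed proxy log format (not from the report):
# "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>GET|POST) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines, iocs):
    """Return one hit per log line that touches a configured domain or the
    campaign path. Each hit records why it matched, so an analyst can tell
    real C2 traffic from decoy beacons and from a path-only match on an
    unrelated host, which on its own is a weaker signal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        url = urlsplit(m["url"])
        host = normalize_host(url.hostname)
        reasons = []
        if host in iocs["domains"]:
            reasons.append("c2" if host == iocs["c2_host"] else "decoy-domain")
        if url.path.startswith(iocs["campaign_path"]):
            reasons.append("campaign-path")
        if reasons:
            hits.append({"src": m["src"], "host": host, "path": url.path, "reasons": reasons})
    return hits


# Constructed sample log lines for the demonstration; not taken from the report.
SAMPLE_PROXY_LOG = [
    "2021-11-02T10:15:01Z 10.0.0.12 GET http://www.best5amazon.com/sb6n/?id=AbCdEf 200",
    "2021-11-02T10:15:03Z 10.0.0.12 POST http://bogosamba.com/sb6n/ 404",
    "2021-11-02T10:15:04Z 10.0.0.12 GET http://updates.example.net/sb6n/ 200",
    "2021-11-02T10:16:00Z 10.0.0.13 GET http://www.example.org/index.html 200",
]

if __name__ == "__main__":
    iocs = build_iocs(XLOADER_CONFIG)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, iocs):
        print(hit["src"], hit["host"], hit["path"], ",".join(hit["reasons"]))
```

Blocking only the host on the "C2" line is not enough for containment: the infected host keeps beaconing to the decoys, and the operator can rotate which domain in the list is live. Hunt on the full domain set and on the campaign path, and treat a path-only hit on a host outside the list (the third constructed line) as a lead to verify rather than a confirmed infection.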

Targets

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer, sold as malware-as-a-service. It keeps Formbook's configuration layout, including the list of decoy domains that accompanies the real C2 and the shared campaign path used against all of them.

    • Xloader Payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the saved register state of a thread in another process. Outside debuggers it is a common process-injection primitive: the injector suspends a thread in the target, points its instruction pointer at code it has written into that process, and resumes it, which is why the sandbox flags the call.
