Overview

overview

10

Static

static

15c34e5e1b...d7.exe

windows7_x64

10

15c34e5e1b...d7.exe

windows10_x64

10

Analysis

  • max time kernel
    110s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    10-12-2021 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15c34e5e1b995ffcbca4310b78f3f7d7.exe

  • Size

    1.2MB

  • MD5

    15c34e5e1b995ffcbca4310b78f3f7d7

  • SHA1

    596dbe75dd64288d3b3fc7a29baaf40592ed93d3

  • SHA256

    869a075f9809475dd6839987e3b1431a1fd437ad7879becd35e4f055b4a7f747

  • SHA512

    cc56f17d20e946a19f343da89cb07122009a4db89d50d283498a44161403d9c18c6d93d2849b7f050e63942fcb09af613db233c41f6f1781e397146f363c24b2

Score
10/10
xloaderef6cloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

C2

http://www.fis.photos/ef6c/

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15c34e5e1b995ffcbca4310b78f3f7d7.exe
    "C:\Users\Admin\AppData\Local\Temp\15c34e5e1b995ffcbca4310b78f3f7d7.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\15c34e5e1b995ffcbca4310b78f3f7d7.exe
      "C:\Users\Admin\AppData\Local\Temp\15c34e5e1b995ffcbca4310b78f3f7d7.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/416-125-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/416-126-0x000000000041D3D0-mapping.dmp
    Download
  • memory/416-127-0x0000000001240000-0x0000000001560000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/2688-115-0x0000000000210000-0x0000000000211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-117-0x0000000005050000-0x0000000005051000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-118-0x0000000004BF0000-0x0000000004BF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-119-0x0000000004B70000-0x0000000004B71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-120-0x0000000004B50000-0x000000000504E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2688-121-0x0000000005030000-0x0000000005037000-memory.dmp
    Filesize

    28KB

    Download
  • memory/2688-122-0x00000000080E0000-0x00000000080E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-123-0x0000000008450000-0x0000000008451000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-124-0x0000000008700000-0x0000000008816000-memory.dmp
    Filesize

    1.1MB

    Download