Overview

overview

10

Static

static

f25f99160f...0a.exe

windows7_x64

10

f25f99160f...0a.exe

windows10_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    13-12-2021 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f25f99160f53de6443616a127637d90a.exe

  • Size

    1.2MB

  • MD5

    f25f99160f53de6443616a127637d90a

  • SHA1

    fc2d05b74442ce84eaee52562b74ed85371f0777

  • SHA256

    660fe8ad69670eeba2c95a5a011a8bf98b0effb5398cf1ff6c3a8a759a3bc0c8

  • SHA512

    d3ee70b73a4f37ce0dbce6a81031db7781b7c2f1be6c66dde7c2f94e94752599759e2e8fa66eb2a02b79ff4fcec1cdd971b6ff1fd37955b3796002572fb386e1

Score
10/10
xloaderef6cloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

C2

http://www.fis.photos/ef6c/

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f25f99160f53de6443616a127637d90a.exe
    "C:\Users\Admin\AppData\Local\Temp\f25f99160f53de6443616a127637d90a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\f25f99160f53de6443616a127637d90a.exe
      "C:\Users\Admin\AppData\Local\Temp\f25f99160f53de6443616a127637d90a.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2080-116-0x0000000000420000-0x0000000000421000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-118-0x00000000054A0000-0x00000000054A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-119-0x0000000004FA0000-0x0000000004FA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-120-0x0000000004E60000-0x0000000004EF2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2080-121-0x0000000005060000-0x0000000005061000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-122-0x0000000005470000-0x0000000005478000-memory.dmp
    Filesize

    32KB

    Download
  • memory/2080-123-0x0000000008460000-0x0000000008461000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-124-0x00000000087D0000-0x00000000087D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-125-0x0000000008870000-0x0000000008986000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/3924-127-0x000000000041D3D0-mapping.dmp
    Download
  • memory/3924-126-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/3924-128-0x0000000001150000-0x0000000001470000-memory.dmp
    Filesize

    3.1MB

    Download