Overview

overview

10

Static

static

9a11096ec7...e8.exe

windows7_x64

10

9a11096ec7...e8.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    17-01-2022 09:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a11096ec7f7df31e17a49b906ffe6e8.exe

  • Size

    784KB

  • MD5

    9a11096ec7f7df31e17a49b906ffe6e8

  • SHA1

    3badde24ac2d4dbcf354e6d31d1ecf29af4f0956

  • SHA256

    a1d8420052bbdcaf3d318427bfe57edf5cc330fb14aaa5f4a597fac220c2a6de

  • SHA512

    b8948bbdbcc03612ed5421d849ddcec4f02e5d83267620b8c0aa9e4f3bfc2714ff424bbd5c2876e2f4b317ad15e2db016912541385b191727d78de66fb8a4278

Score
10/10
xloaderpnugloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a11096ec7f7df31e17a49b906ffe6e8.exe
    "C:\Users\Admin\AppData\Local\Temp\9a11096ec7f7df31e17a49b906ffe6e8.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:864
    • C:\Users\Admin\AppData\Local\Temp\9a11096ec7f7df31e17a49b906ffe6e8.exe
      "C:\Users\Admin\AppData\Local\Temp\9a11096ec7f7df31e17a49b906ffe6e8.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/864-55-0x0000000000270000-0x000000000033A000-memory.dmp
    Filesize

    808KB

    Download
  • memory/864-56-0x0000000000270000-0x000000000033A000-memory.dmp
    Filesize

    808KB

    Download
  • memory/864-57-0x0000000075421000-0x0000000075423000-memory.dmp
    Filesize

    8KB

    Download
  • memory/864-58-0x0000000004DC0000-0x0000000004DC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/864-59-0x0000000000360000-0x0000000000370000-memory.dmp
    Filesize

    64KB

    Download
  • memory/864-60-0x0000000004E00000-0x0000000004E5E000-memory.dmp
    Filesize

    376KB

    Download
  • memory/1104-61-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1104-62-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1104-63-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1104-64-0x000000000041D400-mapping.dmp
    Download
  • memory/1104-65-0x00000000009B0000-0x0000000000CB3000-memory.dmp
    Filesize

    3.0MB

    Download