General

  • Target

    IMG-0046378383.exe

  • Size

    373KB

  • Sample

    220118-tfpfyabhe6

  • MD5

    ababcdf5785412a747d87177b934e515

  • SHA1

    5254b6a22dfeb26d9ae987bd19573f213bdf46f2

  • SHA256

    fd3c9ec5aa55237cf52aabcee01fe3013d59e59eb6722e80f44aa8ce05ec2e9c

  • SHA512

    4fb094cac5ad82549963baac10178475dcb408993c6bfa3b644aeeda6b03ebf4625b952c34070ae170d4ee4d17f363b21980c231d0c53dd16d1ca3a1bdd51e8e

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    c6si

  • Decoy

    tristateinc.construction
    americanscaregroundstexas.com
    kanimisoshiru.com
    wihling.com
    fishcheekstosa.com
    parentsfuid.com
    greenstandmarket.com
    fc8fla8kzq.com
    gametwist-83.club
    jobsncvs.com
    directrealtysells.com
    avida2015.com
    conceptasite.net
    arkaneattire.com
    indev-mobility.info
    2160centurypark412.com
    valefloor.com
    septembership.com
    stackflix.com
    jimc0sales.net

    Formbook/Xloader embeds a list of domains, most of which are decoys that the bot contacts alongside its real C2 to disguise it. The extractor labels the whole list as decoys, so treat every entry as a hunt or block indicator without assuming any single one is the live controller.
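To make the indicators above usable, the following Python is an added example (not from the report or the sandbox that produced it). It verifies a candidate file against the published hashes and hunts a DNS query log for the decoy domains. The log line format and the sample log lines are constructed assumptions; the hashes and domains are copied from the report.

```python
"""Operationalise the IOCs in this report: verify a candidate file against
the published hashes and hunt DNS logs for the extracted decoy domains.

Added example, not part of the original report. The log format and the
sample log lines below are constructed; hashes and domains are the report's."""
import hashlib
import re
import sys
from typing import Iterable, List, Optional, Tuple

# File hashes from the report for IMG-0046378383.exe.
REPORT_HASHES = {
    "md5": "ababcdf5785412a747d87177b934e515",
    "sha1": "5254b6a22dfeb26d9ae987bd19573f213bdf46f2",
    "sha256": "fd3c9ec5aa55237cf52aabcee01fe3013d59e59eb6722e80f44aa8ce05ec2e9c",
}

# Decoy domains from the extracted config. In Formbook/Xloader only a subset
# of such a list is the live C2; the rest are contacted as cover, so a hit is
# a hunt lead, not proof of which domain was the real controller.
DECOY_DOMAINS = [
    "tristateinc.construction", "americanscaregroundstexas.com",
    "kanimisoshiru.com", "wihling.com", "fishcheekstosa.com",
    "parentsfuid.com", "greenstandmarket.com", "fc8fla8kzq.com",
    "gametwist-83.club", "jobsncvs.com", "directrealtysells.com",
    "avida2015.com", "conceptasite.net", "arkaneattire.com",
    "indev-mobility.info", "2160centurypark412.com", "valefloor.com",
    "septembership.com", "stackflix.com", "jimc0sales.net",
]


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of an in-memory file image, lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest in `expected` agrees with the file.

    Requiring all algorithms to match means a typo in one copied hash
    cannot be silently accepted as a match."""
    actual = file_hashes(data)
    return all(actual.get(alg) == digest.lower()
               for alg, digest in expected.items())


def domain_matches(host: str, watchlist: Iterable[str]) -> Optional[str]:
    """Return the watchlisted domain that `host` equals or is a subdomain of.

    Matching is done on label boundaries, so 'notwihling.com' does not
    match 'wihling.com' while 'www.wihling.com' does."""
    host = host.lower().rstrip(".")
    for domain in watchlist:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


# Constructed log format (assumption): "<timestamp> <client_ip> <qtype> <qname>".
_DNS_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(?:A|AAAA|CNAME)\s+(\S+)\s*$")


def hunt_dns_log(lines: Iterable[str],
                 watchlist: Iterable[str] = DECOY_DOMAINS
                 ) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, client_ip, qname, matched_domain) for every query
    hitting the watchlist. Malformed lines are skipped, not raised on."""
    watchlist = list(watchlist)
    hits = []
    for line_no, line in enumerate(lines, start=1):
        m = _DNS_LINE.match(line)
        if not m:
            continue
        _ts, client, qname = m.groups()
        hit = domain_matches(qname, watchlist)
        if hit:
            hits.append((line_no, client, qname, hit))
    return hits


# Constructed sample log; example.net is the benign control, and the
# look-alike 'notwihling.com' checks that suffix matching respects labels.
SAMPLE_DNS_LOG = [
    "2022-01-18T10:02:11Z 10.0.0.15 A www.example.net",
    "2022-01-18T10:02:14Z 10.0.0.15 A www.wihling.com",
    "2022-01-18T10:02:15Z 10.0.0.15 A notwihling.com",
    "garbage line that does not parse",
    "2022-01-18T10:02:19Z 10.0.0.22 AAAA stackflix.com.",
]

if __name__ == "__main__":
    for hit in hunt_dns_log(SAMPLE_DNS_LOG):
        print(hit)
    if len(sys.argv) > 1:  # optional: path to a file suspected to be the sample
        with open(sys.argv[1], "rb") as f:
            print("matches report:", matches_report(f.read()))
```

Run with no arguments to see the two hits from the constructed log, or pass a file path to compare it against the report's hashes. Matching on DNS query names rather than resolved IPs is deliberate: the decoy domains are the stable part of the config, while their resolutions change.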

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware (a malware-as-a-service information stealer), so Formbook detections and config extractors generally apply to it as well.

    • Xloader Payload

      The Xloader payload itself (the unpacked stage) was identified, not only a packer or loader in front of it.

    • Deletes itself

      The executable removes itself from disk after running, so do not expect to recover IMG-0046378383.exe from an infected host; obtain it from the delivery channel or from the sandbox.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is a process-injection primitive (typically redirecting a suspended thread into code written into that process, as in process hollowing), consistent with how Formbook/Xloader injects into a host process. When hunting, correlate it with the preceding suspended-process creation and remote memory write rather than alerting on the API call alone.
