Overview

overview

10

Static

static

Package Details.exe

windows7_x64

10

Package Details.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    41s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    19-01-2022 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Package Details.exe

  • Size

    432KB

  • MD5

    238a711fcfa7ed1c1556236e91227193

  • SHA1

    fd5a53af42d006ba81383e4b4224d2b4807f3f01

  • SHA256

    c08635756f84fd0564e081544cb5c5b2130d14b1a0965be3f971be131f401b70

  • SHA512

    bda31ced6f234ff81e4957d297d29018caeed9053d5061505b84729118774885245b6fe2604dd010de3e6f81f7f39b78e2de5000d1a10d992c5b9d3974fffee3

Score
10/10
xloaderloaderrat

Malware Config

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Package Details.exe
    "C:\Users\Admin\AppData\Local\Temp\Package Details.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Users\Admin\AppData\Local\Temp\Package Details.exe
      "C:\Users\Admin\AppData\Local\Temp\Package Details.exe"
      2⤵
        PID:1696

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1696-136-0x0000000000400000-0x0000000000429000-memory.dmp
      Filesize

      164KB

      Download
    • memory/3380-130-0x0000000000CF0000-0x0000000000D60000-memory.dmp
      Filesize

      448KB

      Download
    • memory/3380-131-0x0000000005D70000-0x0000000006314000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/3380-132-0x0000000005700000-0x0000000005792000-memory.dmp
      Filesize

      584KB

      Download
    • memory/3380-133-0x00000000057C0000-0x00000000057CA000-memory.dmp
      Filesize

      40KB

      Download
    • memory/3380-134-0x00000000057C0000-0x0000000005D64000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/3380-135-0x0000000007C90000-0x0000000007D2C000-memory.dmp
      Filesize

      624KB

      Download