General

  • Target

    SNO22 595406_RACX-159814.exe

  • Size

    819KB

  • Sample

    220125-p2x8ragbh6

  • MD5

    b5c5e59e2ced576d7897a76f8e2bcca5

  • SHA1

    2d9bf0b46cd37f89be12d12c36ed833894e8e749

  • SHA256

    d80d56cfde862aefb9ea4a4195b12cafc5e93f60bb13d2e1a8a1a5b6fe49d9c5

  • SHA512

    124b9c1a53eff953fa0c5d9b8b2704523a3e26f7fab1c6a677df36ec9ba02d5e352d3f4d249b3e8a56309875b37bc6c8d114be4aec0ba4abd9260144f749cacd

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p8ce

Decoy

(Formbook-derived loaders such as Xloader embed a list of domains and beacon to several of them at once, mixing the real C2 with decoys so that traffic analysis cannot single it out; the sandbox labels the extracted list "Decoy" without telling you which entry is live. Treat every domain below as an indicator of this sample.)

wishmeluck1.xyz

nawabumi.com

terra.fish

eoraipsumami.quest

awakeningyourid.com

csyein.com

tslsinteligentes.com

cataractusa.com

capitalwheelstogo.com

staffremotely.com

trashbinwasher.com

blaneyparkrendezvous.com

yolrt.com

northendtaproom.com

showgeini.com

b95206.com

almcpersonaltraining.com

lovabledoodleshome.com

woodlandstationcondos.com

nikahlive.com
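As an added example (not part of the original report or of any sandbox tooling), the following Python turns the extracted domain list into a simple DNS hunting check. The log line format is an assumption chosen for the example ("timestamp client query qname qtype"), and the log lines are constructed; the domain list is the one extracted above. Matching is by exact name or subdomain after normalising case and the trailing dot, and hits are grouped per client because one host querying several of the config domains in a short window is the pattern this family produces.

```python
import re
from collections import defaultdict

# Domains from the extracted Xloader 2.5 config (campaign "p8ce") in the report above.
XLOADER_DOMAINS = [
    "wishmeluck1.xyz", "nawabumi.com", "terra.fish", "eoraipsumami.quest",
    "awakeningyourid.com", "csyein.com", "tslsinteligentes.com", "cataractusa.com",
    "capitalwheelstogo.com", "staffremotely.com", "trashbinwasher.com",
    "blaneyparkrendezvous.com", "yolrt.com", "northendtaproom.com", "showgeini.com",
    "b95206.com", "almcpersonaltraining.com", "lovabledoodleshome.com",
    "woodlandstationcondos.com", "nikahlive.com",
]


def normalize(domain):
    """Lower-case and strip whitespace and the trailing dot a resolver log may add."""
    return domain.strip().lower().rstrip(".")


def match_domain(query, indicators=XLOADER_DOMAINS):
    """Return the indicator that `query` equals or is a subdomain of, else None.

    'www.yolrt.com.' matches 'yolrt.com'; 'notyolrt.com' does not, because the
    suffix test requires a dot before the indicator.
    """
    q = normalize(query)
    for ind in indicators:
        ind_n = normalize(ind)
        if q == ind_n or q.endswith("." + ind_n):
            return ind_n
    return None


# Assumed (hypothetical) log format: "<timestamp> <client_ip> query <qname> <qtype>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def scan_dns_log(lines, indicators=XLOADER_DOMAINS):
    """Parse log lines and return one hit dict per query that matches an indicator.

    Lines that do not fit the assumed format are skipped rather than raising.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ind = match_domain(m.group("qname"), indicators)
        if ind is not None:
            hits.append({
                "ts": m.group("ts"),
                "client": m.group("client"),
                "qname": normalize(m.group("qname")),
                "indicator": ind,
            })
    return hits


def summarize_by_client(hits):
    """Map each client IP to the set of config domains it resolved."""
    summary = defaultdict(set)
    for h in hits:
        summary[h["client"]].add(h["indicator"])
    return dict(summary)


# Constructed sample log lines (not real traffic): one host touches two config
# domains, one host touches one, one benign lookup, one malformed line.
SAMPLE_LOG = [
    "2022-01-25T10:01:02Z 10.0.0.15 query www.yolrt.com. A",
    "2022-01-25T10:01:03Z 10.0.0.15 query notyolrt.com A",
    "2022-01-25T10:01:04Z 10.0.0.15 query terra.fish A",
    "2022-01-25T10:01:05Z 10.0.0.22 query WWW.NIKAHLIVE.COM A",
    "2022-01-25T10:01:06Z 10.0.0.22 query example.com A",
    "this line is not a DNS record",
]


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for client, domains in sorted(summarize_by_client(found).items()):
        print(f"{client}: {len(domains)} config domain(s) resolved: {sorted(domains)}")
```

Because the malware deliberately queries decoys, a single hit on one of these domains is already an infection signal, not noise; the per-client grouping just ranks which host to look at first.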

Targets

    • Target

      SNO22 595406_RACX-159814.exe (hashes and size as listed under General above)
    • Xloader

      Xloader is the rebranded successor of the Formbook malware; the extracted configuration identifies this sample as Xloader version 2.5, campaign "p8ce".

    • Xloader Payload

      An Xloader payload was recovered from the sample, which is what the configuration above was extracted from.

    • Deletes itself

      The sample removes its own executable from disk after running, so the original file is often gone from an infected host; hunt by the hashes above or by the config domains rather than by file path.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect another thread's execution, a hallmark of process injection and hollowing; it is the mechanism by which the Xloader payload ends up running in a different process than the dropped executable.
