General

  • Target

    328bee37fcb028ff0d8b6b2c406b3b4e.exe

  • Size

    814KB

  • Sample

    220125-y1keyaedd5

  • MD5

    328bee37fcb028ff0d8b6b2c406b3b4e

  • SHA1

    be9254a60f0301a22c6ab708b3829c2d61f21adb

  • SHA256

    11e5030403c99dfa27a1c41a8a3abf2408324166735b081a7db038c9a3ec357d

  • SHA512

    87677e6eb40a4163e2c23d500664d1bbc5502393de8db774ad1568b70e3f360c258a815db2665b61fabac9afb1e357b32f10af4ccc2cdc68f115d1eea2495aca

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy


Targets

Score
10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
