General

  • Target: list+pictures pdf.exe
  • Size: 1.1MB
  • Sample: 220126-r9we8seeg6
  • MD5: 1801ae11b1a9a4a0df775a4199cb66db
  • SHA1: f5c6bba08809c42097b0ca24b161aed7e1e8d1ad
  • SHA256: 6a6963119089589ccf2549a56252f54cb62b516da7475219fab2c294e655e425
  • SHA512: 8ed835e04b0df4dd403250cf3d640c7b35a9b6b0843ea971a86a83b39d6dcbe465d655abd5b675a042ecc577e387e91054d7b350f4b3ffd86dbc60ea51e8996e

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: no9u
  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
