General

  • Target

    TT Advice Transfer confirmation.exe

  • Size

    388KB

  • Sample

    220127-ld769saff8

  • MD5

    48efc858b71dd263d50a4c7eab5cbd28

  • SHA1

    b7fa887a0724cfe06d1752231e839694ede363b1

  • SHA256

    947781dc2bb16bf085419b1804e568c2a0293423018f4b5e60beda4ed0ae218e

  • SHA512

    28705d51526bef013f7752726ed7e59e84d14f9fecc91836822cadd5795cccd4e47c6aa1d8f2b82b382eb5a071eca1e07654866878f16910b2502f4fc0315855

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8bs

Decoy (domain list from the config: Formbook/Xloader hide the real C2 among decoy domains and the sample contacts decoys as well, so every entry is a network indicator of this sample, but not necessarily attacker-owned infrastructure)

monese-bank.com

silkypumps.xyz

tashabouvier.com

eduardoleonsilva.com

pinnaclecorporaterentals.com

megafluids.com

worldwidecarfans.com

benjamlnesq.com

unitedraxiapp.com

thetanheroes.com

jypmore.quest

indianasheriffs.biz

saintinstead.com

alldansmx.com

trulyproofreading.com

indotogel369.com

mermadekusse.store

radosenterprisellc.com

gseequalservices.com

techride.xyz

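The hashes and the extracted domain list above are the report's usable indicators. The Python below is an added example, not part of the sandbox report or of any vendor's tooling: it copies those indicators verbatim and shows how a responder would confirm that a file on disk is this sample (any single digest mismatch rules it out) and sweep DNS log lines for contact with any config domain, matching subdomains but not look-alike names. The DNS log format, client addresses and log lines are constructed for the demo.

```python
"""Offline IOC checks built from the indicators in this report.

Added example (not part of the sandbox report or of any vendor tooling): the
hashes and the domain list are copied from the report; the DNS log lines and
their format are constructed here for illustration.
"""
import hashlib
import io
import re

# File hashes exactly as the report lists them.
SAMPLE_HASHES = {
    "md5": "48efc858b71dd263d50a4c7eab5cbd28",
    "sha1": "b7fa887a0724cfe06d1752231e839694ede363b1",
    "sha256": "947781dc2bb16bf085419b1804e568c2a0293423018f4b5e60beda4ed0ae218e",
    "sha512": "28705d51526bef013f7752726ed7e59e84d14f9fecc91836822cadd5795cccd4e47c6aa1d8f2b82b382eb5a071eca1e07654866878f16910b2502f4fc0315855",
}

# Domains from the extracted config. Formbook/Xloader configs hold one real C2
# among decoys and the sample contacts decoys too, so all of them are indicators.
CONFIG_DOMAINS = [
    "monese-bank.com", "silkypumps.xyz", "tashabouvier.com",
    "eduardoleonsilva.com", "pinnaclecorporaterentals.com", "megafluids.com",
    "worldwidecarfans.com", "benjamlnesq.com", "unitedraxiapp.com",
    "thetanheroes.com", "jypmore.quest", "indianasheriffs.biz",
    "saintinstead.com", "alldansmx.com", "trulyproofreading.com",
    "indotogel369.com", "mermadekusse.store", "radosenterprisellc.com",
    "gseequalservices.com", "techride.xyz",
]


def digest_stream(fh, algorithms=("md5", "sha1", "sha256", "sha512")):
    """Read a binary stream once, feeding every chunk to all digests."""
    digests = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hashes_of_bytes(data):
    return digest_stream(io.BytesIO(data))


def hashes_of_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def is_reported_sample(hashes, reference=SAMPLE_HASHES):
    """True only if at least one digest is supplied and every supplied digest
    that the report also lists agrees with it; one mismatch rules the file out."""
    shared = set(hashes) & set(reference)
    return bool(shared) and all(hashes[k].lower() == reference[k] for k in shared)


def normalize_host(host):
    return host.strip().rstrip(".").lower()


def watchlist_match(host, watchlist=CONFIG_DOMAINS):
    """Return the watchlisted domain that `host` equals or sits under, else None.
    Look-alikes such as notsilkypumps.xyz do not match."""
    host = normalize_host(host)
    for domain in watchlist:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


# Hostname-looking tokens in a log line: dotted labels ending in a letters-only
# TLD, starting at a token boundary so IP addresses and timestamps are skipped.
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def scan_log(lines, watchlist=CONFIG_DOMAINS):
    """Return [(line_no, matched_domain)] for lines naming a watchlisted host."""
    hits = []
    for number, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            domain = watchlist_match(host, watchlist)
            if domain:
                hits.append((number, domain))
                break
    return hits


# Constructed DNS log lines for the demo (format and addresses are invented).
SAMPLE_LOG = [
    "2022-01-27T10:02:11Z dns client=10.0.0.23 query=www.monese-bank.com type=A",
    "2022-01-27T10:02:12Z dns client=10.0.0.23 query=silkypumps.xyz type=A",
    "2022-01-27T10:02:13Z dns client=10.0.0.41 query=update.example.org type=A",
    "2022-01-27T10:02:14Z dns client=10.0.0.23 query=WWW.JYPMORE.QUEST. type=A",
    "2022-01-27T10:02:15Z dns client=10.0.0.41 query=notsilkypumps.xyz type=A",
]


if __name__ == "__main__":
    for number, domain in scan_log(SAMPLE_LOG):
        print(f"line {number}: contact with config domain {domain}")
```

A hit on any listed domain is evidence that this sample (or another build of the same campaign) ran on the client, but many decoy entries are legitimate, unrelated sites, so use the list for detection and investigation rather than as a blocklist; the real C2 cannot be told apart from the decoys using the config alone.
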
Targets

    • Target

      TT Advice Transfer confirmation.exe

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer, sold as malware-as-a-service. It harvests credentials and keystrokes from the infected host and can load additional payloads.

    • Xloader Payload

    • Deletes itself (removes its own executable from disk after execution, a common anti-forensic step)

    • Suspicious use of SetThreadContext (setting the context of a suspended thread in another process is a standard step in process hollowing and thread-hijack injection, which Xloader uses to run from inside a legitimate host process)
