General

  • Target

    S.O.A. For JAN22_pdf.exe

  • Size

    385KB

  • Sample

    220127-lvhb6sahg6

  • MD5

    7ec785f4a7f89ef669f4ae8f27944acd

  • SHA1

    82a7ffc5b412cb1728afca2c22df3f8e24146df7

  • SHA256

    bf5b18ccd94ad7519a945dc977e60d505e488edb1a7b91bc13a8031fe5cea262

  • SHA512

    e90d2e4dd59c57c6cab86e6d27d094f220fc5fafc8c1efae14ceaa349083ff42334ae845e55682c62c00ca03b7cc22fad267753303942b7b83a740de8f040b2f

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    b23k

  • Decoy

    foxsistersofhydesville.com
    jetronbang.com
    agriturismopartingoli.com
    ihiinscus.com
    zaksrestaurants.store
    aspetac.com
    ycjhjd.com
    fountainspringscapemay.com
    earlydose.com
    nocodebelgium.com
    65235.xyz
    yasesite.com
    steeltoilets.com
    xceqa.xyz
    2021udtv.com
    belorusneft.top
    the4asofdekhockey.com
    gertexhosiery.com
    fidelismortgages.com
    bellacomoninguna.com

Targets

    • Target

      S.O.A. For JAN22_pdf.exe

    • Size

      385KB

    • MD5

      7ec785f4a7f89ef669f4ae8f27944acd

    • SHA1

      82a7ffc5b412cb1728afca2c22df3f8e24146df7

    • SHA256

      bf5b18ccd94ad7519a945dc977e60d505e488edb1a7b91bc13a8031fe5cea262

    • SHA512

      e90d2e4dd59c57c6cab86e6d27d094f220fc5fafc8c1efae14ceaa349083ff42334ae845e55682c62c00ca03b7cc22fad267753303942b7b83a740de8f040b2f

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
