General

  • Target

    SNO22 PriceLetter595406_RACX-159814.exe

  • Size

    7KB

  • Sample

    220128-radq5sdhcr

  • MD5

    7088f42f3e34585a113c57d472e7f6e9

  • SHA1

    a3bae33f21a6068eb3c76bc3e74c61df20d5596b

  • SHA256

    472f77899f797ab92af8a3b5eacbf827ce8e287971f4dd3a9f23ae00d7b25475

  • SHA512

    4a86a834ad2a6cc35ab62aa0af9cd8d9c87d9fa1daf1c8328cba856fc27569c8c7d89e64be714805fdc65af6022d5602c08237f5a1344fc6ff7e9d1c54fccb01

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p8ce

Decoy

(The config hides the real C2 inside a list of decoy domains and the bot beacons to every one of them; most decoys are unrelated legitimate sites, so use the list for hunting rather than as a blocklist.)

wishmeluck1.xyz

nawabumi.com

terra.fish

eoraipsumami.quest

awakeningyourid.com

csyein.com

tslsinteligentes.com

cataractusa.com

capitalwheelstogo.com

staffremotely.com

trashbinwasher.com

blaneyparkrendezvous.com

yolrt.com

northendtaproom.com

showgeini.com

b95206.com

almcpersonaltraining.com

lovabledoodleshome.com

woodlandstationcondos.com

nikahlive.com
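As an added example (not part of the sandbox report), the following Python turns the extracted config and the listed hashes into hunting logic: it verifies a file against all four report hashes and scans DNS logs for a host that resolves several of the listed domains within a short window, which is the Xloader beaconing pattern, while ignoring single hits that are more likely a user visiting a legitimate decoy site. The DNS log format (CSV of timestamp, client IP, query name) and the log lines themselves are constructed assumptions.

```python
"""Hunting helpers built from the Xloader config extracted above.
Added example for this report page; not code from the sandbox or from the malware.
Assumption: DNS logs are CSV lines of "timestamp,client_ip,qname" (constructed below).
"""
import csv
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

# Sample hashes as listed in the report.
SAMPLE_HASHES = {
    "md5": "7088f42f3e34585a113c57d472e7f6e9",
    "sha1": "a3bae33f21a6068eb3c76bc3e74c61df20d5596b",
    "sha256": "472f77899f797ab92af8a3b5eacbf827ce8e287971f4dd3a9f23ae00d7b25475",
    "sha512": "4a86a834ad2a6cc35ab62aa0af9cd8d9c87d9fa1daf1c8328cba856fc27569c8c7d89e64be714805fdc65af6022d5602c08237f5a1344fc6ff7e9d1c54fccb01",
}

# The 20 domains from the "Decoy" list above (campaign p8ce). The real C2 is
# hidden among decoys and the bot beacons to all of them.
CONFIG_DOMAINS = {
    "wishmeluck1.xyz", "nawabumi.com", "terra.fish", "eoraipsumami.quest",
    "awakeningyourid.com", "csyein.com", "tslsinteligentes.com", "cataractusa.com",
    "capitalwheelstogo.com", "staffremotely.com", "trashbinwasher.com",
    "blaneyparkrendezvous.com", "yolrt.com", "northendtaproom.com", "showgeini.com",
    "b95206.com", "almcpersonaltraining.com", "lovabledoodleshome.com",
    "woodlandstationcondos.com", "nikahlive.com",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches, so one colliding hash is not enough."""
    return hash_bytes(data) == SAMPLE_HASHES


def config_domain_for(qname: str) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in CONFIG_DOMAINS:
            return candidate
    return None


def find_beaconing_hosts(log_lines: Iterable[str], min_domains: int = 3,
                         window: timedelta = timedelta(minutes=10)) -> Dict[str, List[str]]:
    """Flag clients that resolve at least min_domains distinct config domains within window.

    Xloader walks the whole list, so a burst of distinct hits is the signal. A single
    hit is more likely a user browsing one of the decoys (most are real sites) and is
    deliberately not reported; block-listing the raw list would break those sites.
    """
    hits: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for row in csv.reader(log_lines):
        if len(row) != 3:
            continue                               # skip malformed lines
        ts, client, qname = row
        domain = config_domain_for(qname)
        if domain:
            hits[client].append((datetime.fromisoformat(ts.replace("Z", "+00:00")), domain))

    flagged: Dict[str, List[str]] = {}
    for client, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {d for t, d in events[i:] if t - start <= window}
            if len(seen) >= min_domains:
                flagged[client] = sorted(seen)
                break
    return flagged


# Constructed DNS log: 10.0.0.5 behaves like the bot, 10.0.0.7 visited one decoy.
SAMPLE_DNS_LOG = """\
2022-01-28T09:58:00Z,10.0.0.7,www.cataractusa.com
2022-01-28T10:00:01Z,10.0.0.5,www.wishmeluck1.xyz
2022-01-28T10:00:03Z,10.0.0.5,nawabumi.com
2022-01-28T10:00:05Z,10.0.0.5,terra.fish
2022-01-28T10:00:07Z,10.0.0.5,staffremotely.com
2022-01-28T10:00:09Z,10.0.0.9,example.com
""".splitlines()

if __name__ == "__main__":
    for client, domains in find_beaconing_hosts(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(domains)} config domains in window -> {domains}")
```

The threshold of three distinct domains in ten minutes is a starting point; tune it against your own DNS volume, and lower it only for hosts that should never browse the web (servers, build agents).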

Targets

    • Target

      SNO22 PriceLetter595406_RACX-159814.exe

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook infostealer, first advertised in 2020; the config format above (a campaign ID plus a list of decoy domains that hides the real C2) is inherited from Formbook.

    • Xloader Payload

    • Suspicious use of SetThreadContext

      Rewriting another thread's context, typically after mapping a payload into a suspended process, is the classic process-hollowing / injection step. A 7KB executable is far smaller than an Xloader payload, so the sample is most likely a loader that unpacks or retrieves the payload and injects it into a second process rather than running it itself.
