General

  • Target: 9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93
  • Size: 509KB
  • Sample: 220129-ragssscbd3
  • MD5: 196b7f181400d2e97eb9579059cc900c
  • SHA1: 4db7ff3d766b0fb98a6c70a4272aaf71a1a60180
  • SHA256: 9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93
  • SHA512: e64427df89db6a971c453ad481477e78632732c3ca7b1b544324fc9ccb1e00a6d830879ff0408adefeff7f28cd5e3308f4c3f2a34f34a3e2334080de8489d6fa

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: u0n0

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
