Overview

overview

10

Static

static

9343e81577...93.exe

windows7_x64

10

9343e81577...93.exe

windows10_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29-01-2022 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93.exe

  • Size

    509KB

  • MD5

    196b7f181400d2e97eb9579059cc900c

  • SHA1

    4db7ff3d766b0fb98a6c70a4272aaf71a1a60180

  • SHA256

    9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93

  • SHA512

    e64427df89db6a971c453ad481477e78632732c3ca7b1b544324fc9ccb1e00a6d830879ff0408adefeff7f28cd5e3308f4c3f2a34f34a3e2334080de8489d6fa

Score
10/10
xloaderu0n0loaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u0n0

Decoy

learnwithvr.net

minismi2.com

slimfitbottle.com

gzartisan.com

fullfamilyclub.com

adaptationstudios.com

domynt.com

aboydnfuid.com

dirtroaddesigns.net

timhortons-ca.xyz

gladiator-111.com

breakingza.com

njjbds.com

keithrgordon.com

litestore365.host

unichromegame.com

wundversorgung-tirol.com

wholistic-choice.com

shingletownrrn.com

kapikenya.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93.exe
    "C:\Users\Admin\AppData\Local\Temp\9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Users\Admin\AppData\Local\Temp\9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93.exe
      "C:\Users\Admin\AppData\Local\Temp\9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/900-55-0x0000000000370000-0x00000000003F4000-memory.dmp
    Filesize

    528KB

    Download
  • memory/900-56-0x0000000075B11000-0x0000000075B13000-memory.dmp
    Filesize

    8KB

    Download
  • memory/900-57-0x0000000000960000-0x0000000000961000-memory.dmp
    Filesize

    4KB

    Download
  • memory/900-58-0x00000000005D0000-0x00000000005DC000-memory.dmp
    Filesize

    48KB

    Download
  • memory/900-59-0x0000000002250000-0x00000000022A0000-memory.dmp
    Filesize

    320KB

    Download
  • memory/1068-60-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1068-61-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1068-62-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1068-63-0x0000000000A40000-0x0000000000D43000-memory.dmp
    Filesize

    3.0MB

    Download