Overview

overview

10

Static

static

4BLyLYjn3ouHvAH.exe

windows7_x64

10

4BLyLYjn3ouHvAH.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4BLyLYjn3ouHvAH.exe

  • Size

    393KB

  • Sample

    220131-ss3cwsabc2

  • MD5

    7f4e6cd67f226b6e133e7f64c66eb63b

  • SHA1

    ac2991e05b073d9ac553d02581316e2c8c8f0512

  • SHA256

    fb91fdb75469674ccea99970234845ea45afca2f214be1521cf97d1f71f2f35c

  • SHA512

    97f03c9d1f3e9a8c5207de20d3ea28647a7c217358986f6f514fb3c3a52273b0ebdac4715ca3461e8df11d7c6fb8c688c0d5ea7058c1c9cceee8e2c35711597f

Score
10/10
xloaderadn9loaderpersistencerat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

adn9

Decoy

xiutongyiyan.com

ya-yaskitchen.com

allisonandjacob.com

jipodh.xyz

martenscipok.com

streamsetupbuff.com

healingthebodynaturally.com

treeohk.com

becomelove.today

kung.info

rmdojrp.com

ci-ohio.com

offcareon.top

prayerwarriorforadollar.com

veytrex.com

clawika.gmbh

mylinse.com

cadillacjacksbargrill.com

10dian-1.com

gujaratigyaan.com

Targets

    • Target

      4BLyLYjn3ouHvAH.exe

    • Size

      393KB

    • MD5

      7f4e6cd67f226b6e133e7f64c66eb63b

    • SHA1

      ac2991e05b073d9ac553d02581316e2c8c8f0512

    • SHA256

      fb91fdb75469674ccea99970234845ea45afca2f214be1521cf97d1f71f2f35c

    • SHA512

      97f03c9d1f3e9a8c5207de20d3ea28647a7c217358986f6f514fb3c3a52273b0ebdac4715ca3461e8df11d7c6fb8c688c0d5ea7058c1c9cceee8e2c35711597f

    Score
    10/10
    xloaderadn9loaderratpersistence

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks