Overview

overview

10

Static

static

Ij5TlR94sUD71Kl.exe

windows7_x64

1

Ij5TlR94sUD71Kl.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ij5TlR94sUD71Kl.exe

  • Size

    443KB

  • Sample

    220203-keq4psege5

  • MD5

    dda68b95bf6e2b6a253be8df8340caa7

  • SHA1

    68b77d0f97f84ca265b01d7b2a7562feb5f3c6bc

  • SHA256

    cfde328feb2bab7e7d8c42f5c1e679b49db27f5a4f469ef189c132d07ef211f6

  • SHA512

    73f54f0eedfedab9d7c8bb24d85569d6e2c16ab09bdafc6f1cfadd665a69b241026064241efd1ca419c378c21d17d649e727bf863411e5890855d17a8927c988

Score
10/10
xloadercbgoloaderpersistencerat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

tablescaperendezvous4two.net

abktransportllc.net

roseevision.com

skategrindingwheels.com

robux-generator-free.xyz

yacusi.com

mgav35.xyz

paravocecommerce.com

venkatramanrm.com

freakyhamster.com

jenaashoponline.com

dmozlisting.com

lorrainekclark.store

handyman-prime.com

thecrashingbrains.com

ukpms.com

livingstonemines.com

papeisonline.com

chrisbakerpr.com

omnipets.store

Targets

    • Target

      Ij5TlR94sUD71Kl.exe

    • Size

      443KB

    • MD5

      dda68b95bf6e2b6a253be8df8340caa7

    • SHA1

      68b77d0f97f84ca265b01d7b2a7562feb5f3c6bc

    • SHA256

      cfde328feb2bab7e7d8c42f5c1e679b49db27f5a4f469ef189c132d07ef211f6

    • SHA512

      73f54f0eedfedab9d7c8bb24d85569d6e2c16ab09bdafc6f1cfadd665a69b241026064241efd1ca419c378c21d17d649e727bf863411e5890855d17a8927c988

    Score
    10/10
    xloadercbgoloaderpersistencerat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks