Overview

overview

10

Static

static

8893fe00e5...75.exe

windows7_x64

10

8893fe00e5...75.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    09-02-2022 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8893fe00e5bfd3794018c17254c26375.exe

  • Size

    820KB

  • MD5

    8893fe00e5bfd3794018c17254c26375

  • SHA1

    2921a9af9980c6e63549aa23f396e61c8aff916a

  • SHA256

    cba2f725d2b6b4212d2e8ba58b7e26e59e3276065d1f58fd11eeeaf0dfb15aeb

  • SHA512

    9a9c58191ff5ec3dac4d5e2d3f7acdfdb67d180705cf59350eab2f01b2b553ce9627e66da198b2122eb9ff3e8d7d9208ec66c2e398e6a55feda479b22919e267

Score
10/10
xloaderdpzzloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dpzz

Decoy

roadstown.com

idfaltd.com

infotechsearchgroup.com

elcuentodelaprincesa.com

youkutiyu88.com

wildparkresort.com

iss-sa.com

jmglaser.com

criticalthinking.store

cabinetsossa.com

satseconomy.com

newendtech.com

gran-piel.com

accoya.net

timothyschmallrealt.com

valentikaeventos.com

majestineprojector.com

love-austria.com

hermetikyogusmalikombi.com

karasevda-jor.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8893fe00e5bfd3794018c17254c26375.exe
    "C:\Users\Admin\AppData\Local\Temp\8893fe00e5bfd3794018c17254c26375.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Users\Admin\AppData\Local\Temp\8893fe00e5bfd3794018c17254c26375.exe
      "C:\Users\Admin\AppData\Local\Temp\8893fe00e5bfd3794018c17254c26375.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1300-59-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1300-60-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1300-61-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1300-62-0x0000000000BB0000-0x0000000000EB3000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1460-54-0x000000007466E000-0x000000007466F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1460-55-0x0000000000AD0000-0x0000000000BA4000-memory.dmp
    Filesize

    848KB

    Download
  • memory/1460-56-0x0000000004320000-0x0000000004321000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1460-57-0x0000000000810000-0x000000000081C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1460-58-0x0000000005280000-0x0000000005322000-memory.dmp
    Filesize

    648KB

    Download