General

  • Target: 7t98b0nkQlBODdw.exe
  • Size: 1.0MB
  • Sample: 220222-s2jxxaaee5
  • MD5: 0466190246cd2f51a7784d53820242ac
  • SHA1: f85c141f0d77f97ffea3af67866e1b311c2fb7bb
  • SHA256: 873dbebeb40efa109a634b2ca2cb3faeae658dae5c19b518f4769c6dd65f4d38
  • SHA512: 1f07df02ce04c07b1f94ebdf8095d1a4358059761f274b044acddc1bdf0d1145d9a40a2d7dbd499cec5a950d6bea6765b4a98f923ec2a84a0aff3972373e8e9e

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: wdc8
  • Decoy:
      mygotomaid.com
      joyoushealthandwellnessspa.com
      wefundprojects.com
      magicbasketbourse.net
      vitos3.xyz
      oligopoly.city
      beauty-bihada.asia
      visitnewrichmond.com
      crgeniusworld.biz
      bantasis.com
      transsexual.pro
      casagraph.com
      eastjamrecords.com
      howtotrainyourmustache.com
      heiappropriate.xyz
      bataperu.com
      ces341.com
      prajahitha.com
      manuelagattegger.com
      wolfpackmotorcycletours.com

Targets

    • Target: 7t98b0nkQlBODdw.exe
    • Size: 1.0MB
    • MD5: 0466190246cd2f51a7784d53820242ac
    • SHA1: f85c141f0d77f97ffea3af67866e1b311c2fb7bb
    • SHA256: 873dbebeb40efa109a634b2ca2cb3faeae658dae5c19b518f4769c6dd65f4d38
    • SHA512: 1f07df02ce04c07b1f94ebdf8095d1a4358059761f274b044acddc1bdf0d1145d9a40a2d7dbd499cec5a950d6bea6765b4a98f923ec2a84a0aff3972373e8e9e

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
