General

  • Target: banco_transferencia0280222.exe
  • Size: 54KB
  • Sample: 220228-tcsdeseeh5
  • MD5: 75c063f3e5bc2c6d22d69808c5f05f23
  • SHA1: 2ed397d5b902e367bae3f07848c258b63f669997
  • SHA256: 6f0508408689f77795e27f5320115355744c6b7d02cf59197dae8646bc73f267
  • SHA512: 6a4c3d048ee62edd468a510bab0657b5ef9a33b86c5005efaa8794358ceb3fa9ab986da63edd38cae0197264a82c6b1b4635d5cf400fc9111cc6eda4e5c6b9dc

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: uar3
  • Decoy:


Targets

  • Target: banco_transferencia0280222.exe
  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload
  • Blocklisted process makes network request
  • Suspicious use of SetThreadContext
