Overview

overview

10

Static

static

1

SWIFT_0174...df.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SWIFT_017447774775848493948849338283743_pdf.exe

  • Size

    435KB

  • Sample

    220310-gevv4seca5

  • MD5

    ece94abdc2bafaaf6e9bf7efc38e3ea9

  • SHA1

    2bec8d6d5c908506cc64452b8601b51d08b45cb9

  • SHA256

    b4bc1b06cda923911c889c35ae5b4ddc8b2a999140ae1a66a50844989e7d1767

  • SHA512

    dcd5d659b2b52bf79db3f07e51f6b5b0464c12e44010c0efe970bab3481a47d3beae2d674b852ec70577fdbf7eb3c8d3fa177cd82b811ee4845246757d8943d3

Score
10/10
xloaderubqkloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ubqk

Decoy

tundrat-celltherapy.com

superfinance.club

5x5week.com

687504.com

clarkdn.com

potterypklsck.xyz

4m5k.com

21t8.com

94o2ohfjg.com

bhupendratravels.com

nomadashop.com

w388bet.bet

naturalenetwork.net

tupaqu.com

osooir.com

jengly.com

cbsharjah.icu

tokowallpaperbekasi.com

baggamut.com

upoon81.com

Targets

    • Target

      SWIFT_017447774775848493948849338283743_pdf.exe

    • Size

      435KB

    • MD5

      ece94abdc2bafaaf6e9bf7efc38e3ea9

    • SHA1

      2bec8d6d5c908506cc64452b8601b51d08b45cb9

    • SHA256

      b4bc1b06cda923911c889c35ae5b4ddc8b2a999140ae1a66a50844989e7d1767

    • SHA512

      dcd5d659b2b52bf79db3f07e51f6b5b0464c12e44010c0efe970bab3481a47d3beae2d674b852ec70577fdbf7eb3c8d3fa177cd82b811ee4845246757d8943d3

    Score
    10/10
    xloaderubqkloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks