metastealer | 1e5f87fba7b8c1e64c49d6ebd738bae96460864d8f1ba6fe5d30a345b641bdf9

General

Target

1e5f87fba7b8c1e64c49d6ebd738bae96460864d8f1ba6fe5d30a345b641bdf9
Size

742KB
Sample

220414-pxln6acbc4
MD5

02f58acd16b13f5b147a5daab976103e
SHA1

8f353483ac4437fd5bcb090acc82326d533a8250
SHA256

1e5f87fba7b8c1e64c49d6ebd738bae96460864d8f1ba6fe5d30a345b641bdf9
SHA512

4dc3fa6075d142700fa5d624c54fe158a2470f06361cc4fbcefc3b8888b9b33aab4ea3e0dda36e5a4b3b534789e8eebec9ec0d12aeb104bc6e1b5e2bf810762c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

igqu

Decoy

coveloungewineandwhiskey.com

chemtradent.com

educare.cloud

shopnicknaks.com

realitytvstockwatch.com

handsfreedocs.com

trafegopago.com

ariasu-nakanokaikei.com

allmm.info

elleatx.com

erpsystem.site

whatisastaxanthin.com

hemparcade.com

ownumo.com

pasumaisangam.com

theoutdoorbed.com

plantpowered.energy

elevenelevenapparelcompany.com

vrspace.ltd

justsoldbykristen.com

Targets

- Target
  
  1e5f87fba7b8c1e64c49d6ebd738bae96460864d8f1ba6fe5d30a345b641bdf9
- Size
  
  742KB
- MD5
  
  02f58acd16b13f5b147a5daab976103e
- SHA1
  
  8f353483ac4437fd5bcb090acc82326d533a8250
- SHA256
  
  1e5f87fba7b8c1e64c49d6ebd738bae96460864d8f1ba6fe5d30a345b641bdf9
- SHA512
  
  4dc3fa6075d142700fa5d624c54fe158a2470f06361cc4fbcefc3b8888b9b33aab4ea3e0dda36e5a4b3b534789e8eebec9ec0d12aeb104bc6e1b5e2bf810762c
Score

10^/10

xloader igqu loader rat metastealer stealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Meta Stealer Stealer

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2