General

  • Target

    ff766cdd10083147250eabfcaa76bebb

  • Size

    572KB

  • Sample

    220427-mfylaafcep

  • MD5

    ff766cdd10083147250eabfcaa76bebb

  • SHA1

    936815953ebeb2a771b03d86923079c01d2eb7f9

  • SHA256

    6dcb58ae937b9194609ef51a11f945abb7b82d9f10e032bbef2fda12ee96e6db

  • SHA512

    bdf81fdd836b74762bc22d522c9e6a2da73923a62355395472f8d9cf781bcc1fb8da7a6a165ba834ce18a913753e3463b4f9380e67a2cc136db0b2afcf3adac3

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r87g

Decoy

gzjyjzsj.com

rapibest.com

affordablebathroomsbyfrank.net

roboruben.com

xn--dlisucr-byag.com

encoreasso.com

piscire.com

dixiebusybee.com

newrome.xyz

sunshinejon.com

glacierforfcs.xyz

borhanmarket.com

tous-des-cons.club

hsfstea.com

spiniform.info

vaicomfibra.com

shinigami.xyz

kryptoindia.com

listentoappetite.com

securepplpay.com
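The decoy list above is the usual XLoader/Formbook config artifact: the loader beacons to a rotating subset of these domains alongside its real C2, so no single domain from the list identifies the C2, and most of them are ordinary legitimate sites that should not be blocked outright. The stronger signal is one host resolving several of them in a short window. The following Python is an added example (not part of the sandbox report or the malware) that applies that logic to DNS resolver logs; the domain set is the one extracted on this page, the log lines and the window/threshold values are constructed for the example.

```python
"""Flag hosts that resolve several XLoader decoy domains within a short window.

Added example for this report. DECOYS is the decoy list from the extracted
config on this page; SAMPLE_LOG, the 10-minute window and the threshold of 3
distinct decoys are assumptions made for illustration, not values from the page.
"""
from collections import defaultdict
from datetime import datetime, timedelta

DECOYS = {
    "gzjyjzsj.com", "rapibest.com", "affordablebathroomsbyfrank.net",
    "roboruben.com", "xn--dlisucr-byag.com", "encoreasso.com", "piscire.com",
    "dixiebusybee.com", "newrome.xyz", "sunshinejon.com", "glacierforfcs.xyz",
    "borhanmarket.com", "tous-des-cons.club", "hsfstea.com", "spiniform.info",
    "vaicomfibra.com", "shinigami.xyz", "kryptoindia.com",
    "listentoappetite.com", "securepplpay.com",
}

# Constructed resolver log ("<ISO timestamp> <client> <qname>"), not real traffic.
# 10.0.0.5 cycles through four decoys in about three minutes (XLoader-like),
# 10.0.0.9 visits one decoy domain legitimately, 10.0.0.7 hits two far apart.
SAMPLE_LOG = """
2022-04-27T10:00:03 10.0.0.5 www.rapibest.com
2022-04-27T10:00:41 10.0.0.5 encoreasso.com
2022-04-27T10:01:10 10.0.0.9 gzjyjzsj.com
2022-04-27T10:01:55 10.0.0.5 newrome.xyz
2022-04-27T10:02:30 10.0.0.9 www.google.com
2022-04-27T10:03:12 10.0.0.5 hsfstea.com
2022-04-27T10:05:00 10.0.0.7 piscire.com
2022-04-27T10:40:00 10.0.0.7 shinigami.xyz
"""


def parse_dns_log(text):
    """Yield (timestamp, client, qname) tuples from the simple log format above."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qname = line.split()
        yield datetime.fromisoformat(ts), client, qname.rstrip(".").lower()


def match_decoy(qname):
    """Return the decoy domain that qname equals or is a subdomain of, else None."""
    parts = qname.split(".")
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in DECOYS:
            return candidate
    return None


def find_beaconing_hosts(text, window=timedelta(minutes=10), threshold=3):
    """Return {client: sorted decoys touched} for clients that resolved at least
    `threshold` distinct decoy domains inside any `window`-long span."""
    per_client = defaultdict(list)
    for ts, client, qname in parse_dns_log(text):
        decoy = match_decoy(qname)
        if decoy is not None:
            per_client[client].append((ts, decoy))

    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {d for _, d in events[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[client] = sorted({d for _, d in events})
                break
    return flagged


if __name__ == "__main__":
    for client, domains in find_beaconing_hosts(SAMPLE_LOG).items():
        print(f"{client}: {len(domains)} decoy domains -> {', '.join(domains)}")
```

Tune the window and threshold to the resolver's traffic; a single hit on one of these domains is weak evidence on its own, and a host that matches should be triaged by process and injection telemetry (see the SetThreadContext signature below) rather than by the domain alone.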

Targets

    • Target

      ff766cdd10083147250eabfcaa76bebb

    • Size

      572KB

    • MD5

      ff766cdd10083147250eabfcaa76bebb

    • SHA1

      936815953ebeb2a771b03d86923079c01d2eb7f9

    • SHA256

      6dcb58ae937b9194609ef51a11f945abb7b82d9f10e032bbef2fda12ee96e6db

    • SHA512

      bdf81fdd836b74762bc22d522c9e6a2da73923a62355395472f8d9cf781bcc1fb8da7a6a165ba834ce18a913753e3463b4f9380e67a2cc136db0b2afcf3adac3

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence: a sample that refuses to run for certain locales will show little or no behaviour in a sandbox configured with one of those locales.

    • Suspicious use of SetThreadContext

      Setting another thread's context is the usual way to redirect execution into a hollowed or injected process, and is the behaviour that backs the payload detection above.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082
