General

  • Target

    Gkumwpprp.exe

  • Size

    466KB

  • Sample

    220528-jb2wcscff9

  • MD5

    586fd59bae867e97a33e998346b3034e

  • SHA1

    ca5f8535736e031203f1494332b809604b53e986

  • SHA256

    cacc2fce9fcad0d3c1cdfba7595e558e839a191b2c6f9dd6215236747fb04b3a

  • SHA512

    a4bd54f93bc31b89bca8c565780ad083368e4bfc8e1fe2c5eef519464fefba601043f253ed1da4768be73d31c4dfa0d68af92a58d38768e223b1cca968a046c5

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

i3gs

Decoy

Targets

    • Target

      Gkumwpprp.exe

    • Size

      466KB

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

MITRE ATT&CK Matrix

Tasks