xloader | cacc2fce9fcad0d3c1cdfba7595e558e839a191b2c6f9dd6215236747fb04b3a

Analysis

max time kernel
75s
max time network
77s
platform
windows10_x64
resource
win10-20220414-en
submitted
28-05-2022 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gkumwpprp.exe
Size

466KB
MD5

586fd59bae867e97a33e998346b3034e
SHA1

ca5f8535736e031203f1494332b809604b53e986
SHA256

cacc2fce9fcad0d3c1cdfba7595e558e839a191b2c6f9dd6215236747fb04b3a
SHA512

a4bd54f93bc31b89bca8c565780ad083368e4bfc8e1fe2c5eef519464fefba601043f253ed1da4768be73d31c4dfa0d68af92a58d38768e223b1cca968a046c5

Score

10^/10

xloader i3gs loader rat

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

i3gs

Decoy

cbheyusk.xyz

magesticbuckphotography.com

fre2robux.xyz

viwaves.com

aveoblackops.com

doctorcoon.com

ariasin.com

ecommercelojass.com

hidden-stone.com

formoney.space

4camerlcas.com

ycygdq.com

wnubd.info

lovelygalore.space

jennafergrace-us.com

antojitoschamoy.com

metafarmacias.net

ownersstar.com

bllogin.com

lgzah.xyz

Signatures

Xloader
Xloader is a rebranded version of Formbook malware.
loader xloader

Xloader Payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/3400-191-0x0000000002740000-0x000000000276B000-memory.dmp	xloader

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2332 3400 WerFault.exe Gkumwpprp.exe

pid	pid_target	process	target process
2332	3400	WerFault.exe	Gkumwpprp.exe

C:\Users\Admin\AppData\Local\Temp\Gkumwpprp.exe
"C:\Users\Admin\AppData\Local\Temp\Gkumwpprp.exe"
1⤵
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 1156
2⤵
- Program crash
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3400-118-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-119-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-120-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-121-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-122-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-123-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-124-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-125-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-126-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-127-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-128-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-129-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-130-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-131-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-132-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-133-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-134-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-135-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-136-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-137-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-138-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-139-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-140-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-141-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-142-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-143-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-144-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-145-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-146-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-147-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-148-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-149-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-150-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-151-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-152-0x00000000004C0000-0x000000000053A000-memory.dmp

Filesize
488KB

Download
memory/3400-154-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-153-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-155-0x00000000051D0000-0x00000000056CE000-memory.dmp

Filesize
5.0MB

Download
memory/3400-156-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-157-0x0000000004D70000-0x0000000004E02000-memory.dmp

Filesize
584KB

Download
memory/3400-158-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-159-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-160-0x0000000072160000-0x00000000734EF000-memory.dmp

Filesize
19.6MB

Download
memory/3400-161-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-162-0x0000000070E70000-0x0000000071650000-memory.dmp

Filesize
7.9MB

Download
memory/3400-163-0x0000000070D70000-0x0000000070E6C000-memory.dmp

Filesize
1008KB

Download
memory/3400-164-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-166-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-167-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-165-0x0000000070630000-0x0000000070D6E000-memory.dmp

Filesize
7.2MB

Download
memory/3400-168-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-169-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-170-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-171-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-173-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-172-0x0000000071650000-0x0000000072060000-memory.dmp

Filesize
10.1MB

Download
memory/3400-174-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-175-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-176-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-177-0x0000000004D50000-0x0000000004D5A000-memory.dmp

Filesize
40KB

Download
memory/3400-178-0x0000000072160000-0x00000000734EF000-memory.dmp

Filesize
19.6MB

Download
memory/3400-179-0x0000000070D70000-0x0000000070E6C000-memory.dmp

Filesize
1008KB

Download
memory/3400-180-0x0000000070630000-0x0000000070D6E000-memory.dmp

Filesize
7.2MB

Download
memory/3400-181-0x0000000071650000-0x0000000072060000-memory.dmp

Filesize
10.1MB

Download
memory/3400-182-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-183-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-184-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-185-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-186-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-187-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-188-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-189-0x0000000008370000-0x00000000083D8000-memory.dmp

Filesize
416KB

Download
memory/3400-190-0x00000000083F0000-0x000000000843C000-memory.dmp

Filesize
304KB

Download
memory/3400-191-0x0000000002740000-0x000000000276B000-memory.dmp

Filesize
172KB

Download
memory/3400-192-0x00000000773B0000-0x000000007753E000-memory.dmp

Filesize
1.6MB

Download
memory/3400-193-0x0000000071650000-0x0000000072060000-memory.dmp

Filesize
10.1MB

Download
memory/3400-194-0x0000000070E70000-0x0000000071650000-memory.dmp

Filesize
7.9MB

Download
memory/3400-195-0x0000000072160000-0x00000000734EF000-memory.dmp

Filesize
19.6MB

Download