General

  • Target: 026c9f0901c1f8edc43dbc0cc965186b
  • Size: 844KB
  • Sample: 220616-jvzv4sceg5
  • MD5: 026c9f0901c1f8edc43dbc0cc965186b
  • SHA1: a500f8cce19f08ff89b9f8c39f34009872cc3e75
  • SHA256: 9dcb8b18c173b2407f6edd177227417ab9e0742997570b07d3d40ec71506480d
  • SHA512: 81053ecb219dde722185e57db6d2091ec60a2607a3335147b4a6b733123334730b32cec59ebef3251e5185fa6d36182e8e951c8c60ba4f8026bae82cac24f5c3
  • Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: r87g
  • Decoy:


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Execution             Scheduled Task                  1   T1053
  Persistence           Scheduled Task                  1   T1053
  Privilege Escalation  Scheduled Task                  1   T1053
  Discovery             Query Registry                  1   T1012
                        System Information Discovery    2   T1082
