Analysis

  • max time kernel: 57s
  • max time network: 78s
  • platform: windows10_x64
  • resource: win10-20220414-en
  • submitted: 21/06/2022, 10:21

General

  • Target: 25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe
  • Size: 467KB
  • MD5: 0a7ee72e2b57214272b36a91835ece31
  • SHA1: 4f8ba6b8eee9c2f612cd046b34905cd110ec1b12
  • SHA256: 25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21
  • SHA512: 22d253e97694d8c62bd188c3ce9008445b3e41389672049ff8d768746fff3fba20a5025ca535b804a9bf976435cb7836e8d728009327c55ada359d2ee35c9f5b

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

a2es

Decoy

glutenfreebahrain.com

sportrid.com

js-films.com

cie-revolver.com

outsourcinginstitutebd.com

roboticsdatascience.com

tebrunk.com

needgreatwork.com

df1b8j2iwbl33n.life

voluum-training.com

cherna-roza.com

xiyouap.com

bluefiftyfoundation.com

angolettomc.com

yhcp225.com

keondredejawn.com

ifeelsilky.com

coraorganizing.com

smartmindstutorials.com

tanphucuong.info

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe (PID 4692)
    "C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe"
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe (PID 4200)
      "C:\Users\Admin\AppData\Local\Temp\25773608894ed7dced5dd50dc02483ffdd6d9ee3d79333aa8292c5d2a2586e21.exe"
      • Suspicious behavior: EnumeratesProcesses

Network

Downloads

  Memory dump                                                        Filesize
  memory/4200-197-0x0000000000400000-0x000000000042B000-memory.dmp   172KB
  memory/4200-198-0x0000000001310000-0x0000000001630000-memory.dmp   3.1MB
  memory/4692-117-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-118-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-119-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-120-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-121-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-122-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-123-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-124-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-125-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-126-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-127-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-129-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-130-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-131-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-128-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-132-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-133-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-135-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-137-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-140-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-139-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-138-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-136-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-134-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-141-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-142-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-144-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-143-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-146-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-145-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-147-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-148-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-149-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-150-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-151-0x0000000000820000-0x000000000089C000-memory.dmp   496KB
  memory/4692-152-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-153-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-154-0x0000000005680000-0x0000000005B7E000-memory.dmp   5.0MB
  memory/4692-155-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-156-0x00000000050B0000-0x0000000005142000-memory.dmp   584KB
  memory/4692-157-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-158-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-159-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-161-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-163-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-164-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-165-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-162-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-160-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-166-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-167-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-168-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-169-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-170-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-171-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-172-0x0000000005160000-0x000000000516A000-memory.dmp   40KB
  memory/4692-173-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-174-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-175-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-176-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-177-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-178-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-179-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-180-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-182-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-184-0x0000000005320000-0x000000000532E000-memory.dmp   56KB
  memory/4692-183-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-181-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-185-0x0000000077670000-0x00000000777FE000-memory.dmp   1.6MB
  memory/4692-186-0x0000000008B10000-0x0000000008B7A000-memory.dmp   424KB
  memory/4692-187-0x0000000008C30000-0x0000000008CCC000-memory.dmp   624KB
  memory/4692-188-0x0000000008BA0000-0x0000000008BD2000-memory.dmp   200KB