Overview

overview

10

Static

static

cb38d8143b...b4.exe

windows7_x64

10

cb38d8143b...b4.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    93s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    05-07-2022 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb38d8143b2216edab036acee36f25b4.exe

  • Size

    632KB

  • MD5

    cb38d8143b2216edab036acee36f25b4

  • SHA1

    1401d9123df44612f599865e9b2df8941779c687

  • SHA256

    7fd0e394a9d74592a74d04b3dccf2dcf8457d0e894cadadbf999c327e9b3940e

  • SHA512

    15315313dc0cc805771c7a3ccdf20851e39279a001272cdf71e1078fd7b907d83ffa6fc6292e83743963849ea1b2433036e746c8377edf8f6c9dcb2f76e2f010

Score
10/10
xloaderloaderrat

Malware Config

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb38d8143b2216edab036acee36f25b4.exe
    "C:\Users\Admin\AppData\Local\Temp\cb38d8143b2216edab036acee36f25b4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Users\Admin\AppData\Local\Temp\cb38d8143b2216edab036acee36f25b4.exe
      "C:\Users\Admin\AppData\Local\Temp\cb38d8143b2216edab036acee36f25b4.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1452-130-0x0000000000EE0000-0x0000000000F84000-memory.dmp
    Filesize

    656KB

    Download
  • memory/1452-131-0x0000000006180000-0x0000000006724000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1452-132-0x00000000059D0000-0x0000000005A62000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1452-133-0x0000000005930000-0x000000000593A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1452-134-0x00000000099E0000-0x0000000009A7C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/1452-135-0x0000000009AF0000-0x0000000009B56000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2684-136-0x0000000000000000-mapping.dmp
    Download
  • memory/2684-137-0x0000000000400000-0x000000000042C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/2684-138-0x0000000001790000-0x0000000001ADA000-memory.dmp
    Filesize

    3.3MB

    Download