Overview

overview

10

Static

static

214410acd6...c1.exe

windows7_x64

10

214410acd6...c1.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    54s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    07-07-2022 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    214410acd621e551b295b93f5e5f61c1.exe

  • Size

    660KB

  • MD5

    214410acd621e551b295b93f5e5f61c1

  • SHA1

    5f6ecc217d61fe0675815eccb242663223c0f947

  • SHA256

    f6b709d4d41b801c2f5df85f05f3396ab9a2d0b1851ebdc5e434b03c184dacd6

  • SHA512

    7788d66004ef9d91faed6aa66c7e6f7bcd3a8d8d27dc6af5c31907165838921f46cdd76eea96b51da5c7b0a6af56a0f1abf3ab419a0844b500214140b19b2485

Score
10/10
xloadera2esloaderrat

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

a2es

Decoy

glutenfreebahrain.com

sportrid.com

js-films.com

cie-revolver.com

outsourcinginstitutebd.com

roboticsdatascience.com

tebrunk.com

needgreatwork.com

df1b8j2iwbl33n.life

voluum-training.com

cherna-roza.com

xiyouap.com

bluefiftyfoundation.com

angolettomc.com

yhcp225.com

keondredejawn.com

ifeelsilky.com

coraorganizing.com

smartmindstutorials.com

tanphucuong.info

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\214410acd621e551b295b93f5e5f61c1.exe
    "C:\Users\Admin\AppData\Local\Temp\214410acd621e551b295b93f5e5f61c1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Users\Admin\AppData\Local\Temp\214410acd621e551b295b93f5e5f61c1.exe
      "C:\Users\Admin\AppData\Local\Temp\214410acd621e551b295b93f5e5f61c1.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1520-54-0x0000000000A70000-0x0000000000B1C000-memory.dmp
    Filesize

    688KB

    Download
  • memory/1520-55-0x0000000076451000-0x0000000076453000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1520-56-0x00000000004E0000-0x0000000000500000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1520-57-0x0000000002220000-0x000000000222E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1520-58-0x0000000005840000-0x00000000058BA000-memory.dmp
    Filesize

    488KB

    Download
  • memory/1520-59-0x0000000004D70000-0x0000000004DA2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2016-60-0x0000000000400000-0x000000000042B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/2016-61-0x0000000000400000-0x000000000042B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/2016-63-0x0000000000400000-0x000000000042B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/2016-64-0x000000000041F2B0-mapping.dmp
    Download
  • memory/2016-65-0x0000000000B20000-0x0000000000E23000-memory.dmp
    Filesize

    3.0MB

    Download