Overview

overview

10

Static

static

04fa3af642...92.exe

windows7_x64

10

04fa3af642...92.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04fa3af64200a6958f5bf895e14106a311ac5d2c07abcb4ef8f6bf391945ce92

  • Size

    622KB

  • Sample

    220708-vtkkksbgam

  • MD5

    c8c8329d0d21f5fc7488cd7b9fb5eb41

  • SHA1

    9d7058e8c3f75461274f5c5250c18e6eaf0b2a6e

  • SHA256

    04fa3af64200a6958f5bf895e14106a311ac5d2c07abcb4ef8f6bf391945ce92

  • SHA512

    0e393ca6720e2144b0f1ad3b074c2d55c7363d1ac17adf0f383811110f7c7adde26a93f7984eaf8138755e08d60a1be40c576f13756e782db574a4ea17bebd72

Score
10/10
xloaderchgloaderrat

Malware Config

Extracted

Family

xloader

Version

2.2

Campaign

chg

Decoy

ceipsanisidorogiralda.com

mypinglabs.com

grupodicore.com

hondabuilt.com

prets-enligne.com

treatyourdryeyesinfousa.com

newsonedition.com

puppetsforhireband.com

404universal.com

bipoctravel.com

aspiritdigital.com

saib.group

eatonvancewateroakadvisors.com

momoglobalshop.com

reimagineeducationlab.com

looleep.com

facefactorgame.com

paramount-realms.com

saintinnovations.com

hospitaldeanimales.com

Targets

    • Target

      04fa3af64200a6958f5bf895e14106a311ac5d2c07abcb4ef8f6bf391945ce92

    • Size

      622KB

    • MD5

      c8c8329d0d21f5fc7488cd7b9fb5eb41

    • SHA1

      9d7058e8c3f75461274f5c5250c18e6eaf0b2a6e

    • SHA256

      04fa3af64200a6958f5bf895e14106a311ac5d2c07abcb4ef8f6bf391945ce92

    • SHA512

      0e393ca6720e2144b0f1ad3b074c2d55c7363d1ac17adf0f383811110f7c7adde26a93f7984eaf8138755e08d60a1be40c576f13756e782db574a4ea17bebd72

    Score
    10/10
    xloaderchgloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks