Resubmissions

  Date              Sample ID           Score
  16-08-2022 10:24  220816-mft8vsafd3   10
  16-08-2022 10:24  220816-mfdacaafc5   1
  16-08-2022 10:10  220816-l7npqaaec7   10

General

  • Target: 1e7e19ce21214b78b2c90a6d440db777bb3ce42bb68924d592678a6fc0fdd515
  • Size: 688KB
  • Sample: 220816-l7npqaaec7
  • MD5: 9548294ff40a8c9c4b917421310a2286
  • SHA1: 42f001a13844196dc307f98ccd9128a1a7cd60c2
  • SHA256: 1e7e19ce21214b78b2c90a6d440db777bb3ce42bb68924d592678a6fc0fdd515
  • SHA512: 49f8abeffb7b47bfc7ea7a973a515472525d37f490c098fc5f9660f1a3668a016b6dac63e9f91b01f80fba9d6a7ce79c8488d86a2fc879c301795869b998f01b
  • Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.7
  • Campaign: n5mz
  • Decoy domains (20):
      ezhuilike.com
      broomstickrum.com
      ramaniclothing.com
      midbots.com
      rlxscpe.com
      elanagro.online
      chahuajie.com
      digipubcity.com
      predatorstoppers.com
      savas-jewelry.com
      timinis23.com
      homesteaddesignstudio.net
      bellezadehoy.online
      disintar.xyz
      sharinks.tech
      redfoxdetroit.com
      resscoptheron.com
      aspiritualgiftshoppe.com
      tematemazo.com
      assasa.net

Targets

  • Target: 1e7e19ce21214b78b2c90a6d440db777bb3ce42bb68924d592678a6fc0fdd515
  • Size: 688KB
  • MD5: 9548294ff40a8c9c4b917421310a2286
  • SHA1: 42f001a13844196dc307f98ccd9128a1a7cd60c2
  • SHA256: 1e7e19ce21214b78b2c90a6d440db777bb3ce42bb68924d592678a6fc0fdd515
  • SHA512: 49f8abeffb7b47bfc7ea7a973a515472525d37f490c098fc5f9660f1a3668a016b6dac63e9f91b01f80fba9d6a7ce79c8488d86a2fc879c301795869b998f01b
  • Score: 10/10

  Signatures
    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   2      T1082

Tasks