General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.61635607.21979.13379

  • Size

    490KB

  • Sample

    220901-c1vp1sfaaj

  • MD5

    24768fd24b01906119ac0626d90061ea

  • SHA1

    02f12d471a28aad572299617ad6cebf76c325a9e

  • SHA256

    8c8ee669405fa28246466c1b2bcc4cc1a57cf4d5128f5bfe7a3f25070a7c5936

  • SHA512

    78ee5aad3d348dcecea8e84f10864fc7694b79ab9124f50ea05103834a3a42509e02e597c2ca39f580768e09171099ba1aaa1bd6a71eb7e8bd16a7f26aee9e6b

  • SSDEEP

    12288:A2942IWQ20shxEXlTiWtUQDNGkkkkkkkkkkBWC/ZX6:79lBhhe1BtUQDJ9

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

zgtb

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
