Overview

overview

10

Static

static

1

d6e9bc370c...32.exe

windows7-x64

10

d6e9bc370c...32.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12b4de76a66b1c1bbef02a0285974fac

  • Size

    206KB

  • Sample

    221028-w2gdkaafap

  • MD5

    578dce0d73569a3f5c36b75e2baef87f

  • SHA1

    e4159fbffa0181bbdd3630b0a9408c3e9a48dfb1

  • SHA256

    365bfb45c0a1efe2a8c8af0453a81452bca92ddf414ccc35e1b1c6316d7da4a6

  • SHA512

    b178d2e33006d718ae7e207fc24688f65a730fdeb767c0c13c81a3aff31fc26d42c3e7198604dca631dfb9e639139f4564e08d519d7c123dffa05fc49351104e

  • SSDEEP

    6144:jCRp+rZ/G9stI5zOqTZWuw4pIV06+HxksG4:jCRpYiswPsqIV8xLD

Score
10/10
xloaderp086loaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

    • Target

      d6e9bc370c4bf740cf29e024f68bc4a3c2cab00a5f0db564067afbe12f725d32

    • Size

      218KB

    • MD5

      12b4de76a66b1c1bbef02a0285974fac

    • SHA1

      573d8b9791c8c453964d8585a96cd7525040c683

    • SHA256

      d6e9bc370c4bf740cf29e024f68bc4a3c2cab00a5f0db564067afbe12f725d32

    • SHA512

      1efb76110dd0d46f4a2a32211e8710df3b66394b8c665e7739625102dbacb8bb268f8f07ad2d5fefcf66750db29ab2d64fbc520c0c60a2e5c852b95dcc46cf74

    • SSDEEP

      3072:9QIURTXJIqMWsRlp/9/Htdosc22LGb9/awn+2X7PoM/ay6yGGk8yEsNAueluG:9sqWCPdVsGBCwnVX7PouayQGPsNA5V

    Score
    10/10
    xloaderp086loaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks