General

  • Target

    0.exe

  • Size

    163KB

  • Sample

    230120-wttc6ahb79

  • MD5

    a4a9a8d2a7bfdcc21c51a2b2015e6de9

  • SHA1

    5ce069dd1c3bc14adbf6629d30350999f42dd6ab

  • SHA256

    223430a82147cb3fdb9c50c0f133c766c42a24ac655406dd908d198a8334dcda

  • SHA512

    86ebdabf102aafb0a4ca5be2446bc6a533e595856f47ff50ac2fe7f71d045576cd684c7a42870bae4f8c65f2f8262fa828058bab51c94f6b8cc7ad92153266aa

  • SSDEEP

    3072:38JCSpCjqSQeAdXZGMy0evnZqQso21HZWgO9b75Gz63WPA0rA:3tC0gIMHSZqQso2qgO9btG+3W40

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

2bun

Decoy

istanbulescort1.xyz

sh1rt.online

digitalmarmot.com

worldscoolesthifi.com

zorgportaalmdn.store

bswys.com

las3curiosas.com

ucokisal.com

xn--j1ad.net

myoveragerecovery.com

eltool.net

shungiteglobal.com

telenor-no.com

xulonrobotics.com

soyredy.com

1forall.info

patsyzeitlin.com

hellocs.xyz

hasundue.net

dein-urkundenrahmen.com
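
The hashes and the domain list above are the indicators a responder would sweep logs for. The script below is an added example (not part of the sandbox report or of any vendor's tooling) that loads those values and matches them against DNS and file-hash log lines. The hash and domain values are copied from this report; the log lines, their key=value layout, the hostnames and the client IP are constructed for illustration. Xloader/Formbook mixes the live C2 with decoy domains that the sample also contacts, so every entry in the list is treated as an indicator, and names are IDNA-normalized so the punycode entry xn--j1ad.net still matches a resolver that logs the Unicode form.

```python
"""Sweep log lines for the indicators in this report's Malware Config.

Added example, not part of the sandbox report or of any vendor's tooling.
Hashes and domains are copied from the report; the log lines and their
field layout are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Hashes of the analysed file (from the report), lower-case hex.
SAMPLE_HASHES = {
    "md5": "a4a9a8d2a7bfdcc21c51a2b2015e6de9",
    "sha1": "5ce069dd1c3bc14adbf6629d30350999f42dd6ab",
    "sha256": "223430a82147cb3fdb9c50c0f133c766c42a24ac655406dd908d198a8334dcda",
}

# Domains from the extracted config. Xloader/Formbook mixes the live C2 with
# decoys that the sample also contacts, so every entry is treated as an IoC.
CONFIG_DOMAINS = frozenset({
    "istanbulescort1.xyz", "sh1rt.online", "digitalmarmot.com",
    "worldscoolesthifi.com", "zorgportaalmdn.store", "bswys.com",
    "las3curiosas.com", "ucokisal.com", "xn--j1ad.net",
    "myoveragerecovery.com", "eltool.net", "shungiteglobal.com",
    "telenor-no.com", "xulonrobotics.com", "soyredy.com", "1forall.info",
    "patsyzeitlin.com", "hellocs.xyz", "hasundue.net",
    "dein-urkundenrahmen.com",
})

# Assumed log layout (constructed): key=value pairs after a timestamp.
DNS_RE = re.compile(r"\bquery=(?P<q>\S+)")
HASH_RE = re.compile(r"\b(?P<alg>md5|sha1|sha256)=(?P<val>[0-9a-fA-F]+)")


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "domain" or the hash algorithm name
    indicator: str   # the IoC that matched
    line: str


def normalize_domain(name):
    """Canonical form for comparison: lower-case, no trailing dot, IDNA
    (punycode) encoded so a name logged in Unicode form still matches the
    ASCII entry 'xn--j1ad.net' in the config."""
    name = name.strip().rstrip(".").lower()
    return name.encode("idna").decode("ascii")


def match_domain(query, indicators=CONFIG_DOMAINS):
    """Return the config domain that `query` equals or is a subdomain of,
    or None. The suffix match is anchored on a dot so 'notbswys.com' does
    not match 'bswys.com'."""
    q = normalize_domain(query)
    for ind in indicators:
        if q == ind or q.endswith("." + ind):
            return ind
    return None


def scan_lines(lines, hashes=SAMPLE_HASHES, domains=CONFIG_DOMAINS):
    """Return a Hit for every line referencing a config domain or sample hash."""
    hits = []
    for no, line in enumerate(lines, start=1):
        m = DNS_RE.search(line)
        if m:
            ind = match_domain(m.group("q"), domains)
            if ind:
                hits.append(Hit(no, "domain", ind, line))
        for m in HASH_RE.finditer(line):
            alg, val = m.group("alg"), m.group("val").lower()
            if hashes.get(alg) == val:
                hits.append(Hit(no, alg, val, line))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2023-01-20T10:14:58Z file host=WS01 path=C:\\Users\\u\\Downloads\\0.exe "
    "sha256=223430A82147CB3FDB9C50C0F133C766C42A24AC655406DD908D198A8334DCDA",
    "2023-01-20T10:15:02Z dns client=10.0.0.5 query=www.digitalmarmot.com. type=A",
    "2023-01-20T10:15:03Z dns client=10.0.0.5 query=notbswys.com type=A",
    "2023-01-20T10:15:04Z dns client=10.0.0.5 query=XN--J1AD.NET type=A",
    "2023-01-20T10:15:09Z file host=WS01 path=C:\\Windows\\notepad.exe "
    "md5=00000000000000000000000000000000",
]

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} -> {hit.indicator}")
```

Subdomain matching is deliberate: Formbook-family samples request a path on the configured host, and the DNS query may carry a www or other label in front of the config entry. Hash matching is case-insensitive because vendors disagree on hex casing.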

Targets

    • Target

      0.exe

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext (redirecting the entry point of a suspended thread in another process, the usual sign of process hollowing or thread hijacking)
