General

  • Target

    SWhs.exe

  • Size

    160KB

  • Sample

    230131-zenqxaac87

  • MD5

    9b39457703898f689b0e92a03d3408bf

  • SHA1

    12cfebd737b58e1d961f226e087716ff38c420d3

  • SHA256

    163e4dd4d77797c1b788c03c0f71911d2181573bdf4f048e953563b072a234c6

  • SHA512

    73d7983c9582b28fff9044e328d6358c27a00aa687694e695a1f52c74d2eb43cd5674af6ad8c00b54fbdaa1c54896d1d775f529244f749f18c570713c3e24fa9

  • SSDEEP

    3072:EhhrDpv/3jb+Na8dZL9My3BhYpm16G5tKartyetVTeH+QRRnNxm4s:E3gpF9NxhEm1j5tXrYette/nF

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pzb5

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext