General

  • Target

    SecuriteInfo.com.Variant.Bulz.771382.15623.28477.exe

  • Size

    793KB

  • Sample

    230716-mhm8bsfb5w

  • MD5

    f299a3572c1ca67f5df9c027c50f5488

  • SHA1

    98ae2458837e4f2bc4e518fd867d3edd28c4236f

  • SHA256

    b30baea69e5ba92f56e7d7aa79bb30ed9e889dfde1a690244c9fe02baef4617a

  • SHA512

    b67592a6fcb8110d41c86bc65141a4138fe251d139009f66235591e60a90905214d2694799f386f7ded8b1e247d38c024e8d102c05fdd645ba8045c81e7de4aa

  • SSDEEP

    12288:MotEJb4xECMrM7I+KA0Z2+8cjtHei+uo0hE/:nCCMrG/R0wTcjtHei+uo0hE/

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    mjyv

  • Decoy

    wenyuexuan.com
    tropicaldepression.info
    healthylifefit.com
    reemletenleafy.com
    jmrrve.com
    mabduh.com
    esomvw.com
    selfcaresereneneness.com
    murdabudz.com
    meinemail.online
    brandqrcodes.com
    live-in-pflege.com
    nickrecovery.com
    ziototoristorante.com
    chatcure.com
    corlora.com
    localagentlab.com
    yogo7.net
    krveop.com
    heianswer.xyz

Targets

    • Target

      SecuriteInfo.com.Variant.Bulz.771382.15623.28477.exe

    Score

    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
