General

  • Target: af5aec64e95c21aaa7083c96ab1c417e
  • Size: 410KB
  • Sample: 231219-1wnynsgah4
  • MD5: af5aec64e95c21aaa7083c96ab1c417e
  • SHA1: ebad1d58f0d61e15be17043269546f159b084575
  • SHA256: bc4d625ec4ba48b9c17bcd907fe509539a12bb0d6103ff65a4e3c59fb4eca07c
  • SHA512: 38e17d93083f77a11be095315f95afaf5f0536a777e53a98195b0572209cf06e53f576853c815e852e054ef29f7f99419f393d715ddbd7c05459c58836d7f247
  • SSDEEP: 6144:Z6O/lGqjqd7ym95IdbhgMzYhV855FtBr46vL3SJOv3Fd1OgkWAp2UMOE7:Zu8qom95Mbhg5E551r13j3FX8glt

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: ef6c
  • Decoy:
      gicaredocs.com
      govusergroup.com
      conversationspit.com
      brondairy.com
      rjtherealest.com
      xn--9m1bq8wgkag3rjvb.com
      mylori.net
      softandcute.store
      ahljsm.com
      shacksolid.com
      weekendmusecollection.com
      gaminghallarna.net
      pgonline111.online
      44mpt.xyz
      ambrandt.com
      eddytattoo.com
      blendeqes.com
      upinmyfeels.com
      lacucinadesign.com
      docomoau.xyz

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
