Overview

overview

10

Static

static

3

bb8b400c9c...cc.exe

windows7-x64

10

bb8b400c9c...cc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb8b400c9c3f444de381acf781cbebcc

  • Size

    418KB

  • Sample

    231220-q2dpsaacek

  • MD5

    bb8b400c9c3f444de381acf781cbebcc

  • SHA1

    1598261c37d405414e8e33e141ce50b1e6a3ef59

  • SHA256

    a785cde7fd80fcc3fd215825a5d5d8d50d51092ba0df183c5d56bddd89e4bc07

  • SHA512

    53d22e8c4f83852a2b4bac90b2d109f82589178e9af37e5ce62dc64070677d402dd810e671bba7c26ef94563e360b3fc6df3b5d88e0a42e2cfec13081e65252e

  • SSDEEP

    6144:nnGcWifAcEOT/aNi7qagbMhag3bkyElEQ1qFjfVhlLgIdfHZk6OdQ+3HwO:nGcdmSSNsqagga6knER1VhlLXgwo

Score
10/10
xloaderef6cloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

Targets

    • Target

      bb8b400c9c3f444de381acf781cbebcc

    • Size

      418KB

    • MD5

      bb8b400c9c3f444de381acf781cbebcc

    • SHA1

      1598261c37d405414e8e33e141ce50b1e6a3ef59

    • SHA256

      a785cde7fd80fcc3fd215825a5d5d8d50d51092ba0df183c5d56bddd89e4bc07

    • SHA512

      53d22e8c4f83852a2b4bac90b2d109f82589178e9af37e5ce62dc64070677d402dd810e671bba7c26ef94563e360b3fc6df3b5d88e0a42e2cfec13081e65252e

    • SSDEEP

      6144:nnGcWifAcEOT/aNi7qagbMhag3bkyElEQ1qFjfVhlLgIdfHZk6OdQ+3HwO:nGcdmSSNsqagga6knER1VhlLXgwo

    Score
    10/10
    xloaderef6cloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks