General

  • Target: 0c38fc3c0a2465e3a15e1bac02f6b4bb
  • Size: 252KB
  • Sample: 231224-w7yj2aafg4
  • MD5: 0c38fc3c0a2465e3a15e1bac02f6b4bb
  • SHA1: 8220e570da33641eafcc094ba8824c2624bc92ff
  • SHA256: b84be8911946bbe709de08dcaa4c04efc8640d92889dd5603c8afaad142a79af
  • SHA512: 8a339b9f4e36cc04cee2cc4ac1f3f3e1e3124579ef8fb3ba81f68182d89da16ed3247cfc3cf7e22952853d9daa1d486c9ef98c704a4164049a70c5b4bc7291b8
  • SSDEEP: 6144:6w1Rg0otCAGOKVUZbz2kp7b+dRD0lV/erzs062suy:v13GzWUZG9D0/UFvy

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: pagi
  • Decoy domains:
      makehrworkable.com
      sound-wisdom.com
      blacts.com
      caenantglamping.com
      meridiancpas.com
      draughtedinn.co.uk
      windywoodshc.com
      mintmovileplus.com
      pubgeventdailylogin.com
      thesocialdzr.com
      holapv.com
      racevc.com
      openpula.pro
      wepreventstroke.com
      autoclosy.com
      enginkarabacak.com
      15096eec1652.info
      buildthefoundation.net
      pwilliamberciklaw.com
      paramountrevenueadvisors.com

Targets

    • Target: 0c38fc3c0a2465e3a15e1bac02f6b4bb (252KB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
    • Score: 10/10
    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
