General

  • Target

    436e92098a95e694d9c7d6d63e522e3a

  • Size

    255KB

  • Sample

    231225-3jjvasgddr

  • MD5

    436e92098a95e694d9c7d6d63e522e3a

  • SHA1

    8811636dd2e2b6b5fd32cd2bf0ad3c277718db4b

  • SHA256

    abb184e2afdbbc65327aa2ce9eb3075cade745126b8da118abbebc0c5ad8b7e5

  • SHA512

    47a12ec4b32b9687d7da340d7adeabe1f240a175c3c00f646860efa2126ad324fc40cd3428d54e15ef4c14ed2d380b10162e2f60f895ca5f4678d2da18422032

  • SSDEEP

    6144:WLWfVPtZVWre+os+zrWRqXbh2FKhpo2ax3eOUEJUBJND:bfVVWrzR+uR4bhm0pofNUEJUBD

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

Decoy

reviewsresolutions.com

binhminhgardenshophouse.com

nebulacom.com

kadhambaristudio.com

viltoom.club

supmomma.com

tjszxddc.com

darlingmemories.com

hyperultrapure.com

vibembrio.com

reallycoolmask.com

cumbukita.com

brian-newby.com

abstractaccessories.com

marykinky.com

minnesotareversemtgloans.com

prasetlement.com

xplpgi.com

xn--gdask-y7a.com

uababaseball.com
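The hashes and decoy list above are the actionable part of this report. One caveat before turning them into detections: an Xloader/Formbook configuration mixes the real C2 with decoy domains that the sample also contacts, and some of those decoys are legitimate sites, so the list is good for alerting and hunting but should not become a block list without validation. The following is an added example, not code from the report or from the sandbox vendor; it loads the indicators from this page, matches DNS log lines against them (handling subdomains, trailing dots and the punycode entry xn--gdask-y7a.com, which a resolver log may show as its Unicode form), and checks a file's digests against the sample. The log line format and the log lines themselves are constructed for the example.

```python
import hashlib
import re

# Indicators copied from this report (sample 231225-3jjvasgddr).
SAMPLE_HASHES = {
    "md5": "436e92098a95e694d9c7d6d63e522e3a",
    "sha1": "8811636dd2e2b6b5fd32cd2bf0ad3c277718db4b",
    "sha256": "abb184e2afdbbc65327aa2ce9eb3075cade745126b8da118abbebc0c5ad8b7e5",
}

DECOY_DOMAINS = [
    "reviewsresolutions.com", "binhminhgardenshophouse.com", "nebulacom.com",
    "kadhambaristudio.com", "viltoom.club", "supmomma.com", "tjszxddc.com",
    "darlingmemories.com", "hyperultrapure.com", "vibembrio.com",
    "reallycoolmask.com", "cumbukita.com", "brian-newby.com",
    "abstractaccessories.com", "marykinky.com", "minnesotareversemtgloans.com",
    "prasetlement.com", "xplpgi.com", "xn--gdask-y7a.com", "uababaseball.com",
]


def file_hashes(data: bytes) -> dict:
    """Compute the same three digests the report lists for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only if every digest matches the sample in this report."""
    return file_hashes(data) == SAMPLE_HASHES


def normalize_host(host: str) -> str:
    """Lowercase, drop a trailing dot and convert Unicode labels to punycode,
    so 'gdańsk.com' and 'xn--gdask-y7a.com' compare equal."""
    host = host.strip().rstrip(".").lower()
    return host.encode("idna").decode("ascii")


NORMALIZED_DECOYS = {normalize_host(d) for d in DECOY_DOMAINS}


def matching_ioc(host: str):
    """Return the listed domain that `host` equals or is a subdomain of, else None.
    Matching is by whole label, so 'notviltoom.club' does not match 'viltoom.club'."""
    labels = normalize_host(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in NORMALIZED_DECOYS:
            return candidate
    return None


# Hypothetical resolver log format: "<timestamp> <client> query <type> <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def scan_dns_log(lines):
    """Return (timestamp, client, queried name, matched IOC) for each hit."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ioc = matching_ioc(m["qname"])
        if ioc:
            hits.append((m["ts"], m["src"], m["qname"], ioc))
    return hits


# Constructed log lines for the example; not captured traffic.
SAMPLE_LOG = """\
2023-12-25T03:41:02Z 10.0.0.5 query A www.reviewsresolutions.com.
2023-12-25T03:41:03Z 10.0.0.5 query A gdańsk.com
2023-12-25T03:41:04Z 10.0.0.5 query A update.microsoft.com
2023-12-25T03:41:05Z 10.0.0.7 query AAAA mail.tjszxddc.com
2023-12-25T03:41:06Z 10.0.0.7 query A notviltoom.club
""".splitlines()


if __name__ == "__main__":
    for ts, src, qname, ioc in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {src} queried {qname} (matches decoy/C2 list: {ioc})")
    print("is the report's sample:", is_known_sample(b"not the sample"))
```

Run against real resolver or proxy logs, a hit on several of these domains from one host within a short window is the pattern to look for, since a single hit may be a user visiting a legitimate decoy.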

Targets

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended thread of another process is the step process hollowing and related injection techniques use to redirect execution to injected code; this signature records the API call, not a confirmed injection chain.
