General

  • Target

    3491c33f5128081ae84219bbc4068fcb

  • Size

    324KB

  • Sample

    231225-w44a4scfel

  • MD5

    3491c33f5128081ae84219bbc4068fcb

  • SHA1

    23f1bd76d12ae78dcccaa244a6cec80d85ea7258

  • SHA256

    18e6e02d43d660b18e79a33afd5448f28bf7e24a2bcc070667cedda0f8e97a25

  • SHA512

    ce90ec8db5aa48e53c1a9d9df7194c80090fc7f978c990bda0eb1ee6910233173f4342fa5210fb628ba26a0c12accc8134b95cb7fe313c3b2ef93d6eefe783d2

  • SSDEEP

    6144:gMIGxTYW0K/+vUfxn9lzUZdXjqDEByRQYC04czlbVzXjVxg+lK:+GxEW0K/+vUfxn9lodXjqyTFcJbV7Dg+

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

iq3g

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
