General

  • Target: 58f2fc9e3b1e045d4f6040e0b15e7b3d
  • Size: 1.3MB
  • Sample: 231226-gzqf5adghj
  • MD5: 58f2fc9e3b1e045d4f6040e0b15e7b3d
  • SHA1: 3fd996467fc1b057e9f0fe436dd7f46cf460e688
  • SHA256: 5d73a302ff09dd9d39420703dc50c9530ac6e78b55c762f9c03df76be39d6c2c
  • SHA512: a4d0627fedf36e64aca0dd5154189d0fd280f212adc8e700c3e01ce6a4fe818454b7f3afe79ae37d45b990573be9eaf8d9d3ef58aed2cb19f27d66c64c94d044
  • SSDEEP: 24576:l7rkW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+huE:lbiecHHgtrszyaNQuiNB/e

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: p596
  • Decoy:
      ushistorical.com
      lovepropertylondon.com
      acupress-the-point.com
      3772548.com
      ambientabuse.com
      primaveracm.com
      themidwestmomblog.com
      havasavunma.com
      rockyroadbrand.com
      zzphys.com
      masque-inclusif.com
      myeonyeokplus.com
      linkernet.pro
      zezirma.com
      mysiniar.com
      andreamall.com
      mattesonauto.com
      wandopowerinc.com
      casaurgence.com
      salishseaquilts.com

Targets

    • Target: 58f2fc9e3b1e045d4f6040e0b15e7b3d
    • Size: 1.3MB
    • MD5: 58f2fc9e3b1e045d4f6040e0b15e7b3d
    • SHA1: 3fd996467fc1b057e9f0fe436dd7f46cf460e688
    • SHA256: 5d73a302ff09dd9d39420703dc50c9530ac6e78b55c762f9c03df76be39d6c2c
    • SHA512: a4d0627fedf36e64aca0dd5154189d0fd280f212adc8e700c3e01ce6a4fe818454b7f3afe79ae37d45b990573be9eaf8d9d3ef58aed2cb19f27d66c64c94d044
    • SSDEEP: 24576:l7rkW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+huE:lbiecHHgtrszyaNQuiNB/e

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
