General

  • Target

    6a9209198711b88b06ed9834692ca1c8

  • Size

    250KB

  • Sample

    231226-nhpltscfej

  • MD5

    6a9209198711b88b06ed9834692ca1c8

  • SHA1

    1f25855e8d81f9898689edbfbc0458a862d29663

  • SHA256

    33d3af05d1fcf28764c48629687647f8a765d4dfccee946a470356366f521387

  • SHA512

    35142e44c94cd2fceb726ed0ebf5065878bf0a085d3092a6f8e7302033cb885da163a1d8fc61d23f23280257a3f2aacd67add75d0cd949cc55157cbdde169d99

  • SSDEEP

    3072:svecvGokz8uuewZe4qhkALYf+M2cOaiT62nSxZv1xFddEnkwoJIlePAm1AdV:svNKz8ZFZP6k+htxtSfrw6IRiAX

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pagi

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks