General

  • Target: cb85be6f170d6b63c588f9cd5f13c353
  • Size: 597KB
  • Sample: 231228-g6nacahee9
  • MD5: cb85be6f170d6b63c588f9cd5f13c353
  • SHA1: c7712175385971beeeff989d0b798033fcf7cd00
  • SHA256: ee929bc954e0c858ca17de372ed70ec02343b1c48ab6631c07c60550a8da7b4d
  • SHA512: 86101fd4fd69fd15b950fb72d0c8a15cb1a0ff862590d06ccc34e2334ce6510fb4b21f58f7d062499ece0df045d4f83118b168776350f04a542b553ae575869d
  • SSDEEP: 12288:NTfMGH02iNv4sX7yJDKY2E6gPSX2XrRbHVOzSm/rKP:pJH01usX7ykY2HgPSm710Om/

Score: 10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: ipa8

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks