General

  • Target

    06f47d6c56ea1cf96bd70d113ee661f1

  • Size

    527KB

  • Sample

    231229-3gy67sfcfr

  • MD5

    06f47d6c56ea1cf96bd70d113ee661f1

  • SHA1

    30f26d59be9ec21bd7c3df0eda359482864702b7

  • SHA256

    3f9a8485314c2b666caf0a1a729a96cb974780f331ea9baa0c03e7f02035cf05

  • SHA512

    8cfdfae74dd186314a804fbe63af5a34714ee20a462dcfabf6c164e51e821c44915edec56a4a0433083a8e025e90c5a6e22064c4811d460d2a9aac54f4ac389e

  • SSDEEP

    12288:SBn0RN617gNm5YnXDdRgMVahjLySXJGejXhB75Kc3YEuIHdC:SBn0RNlDdRg6axmSgoRBUzIHdC

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p596

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
