Overview

overview

10

Static

static

3

0144a7d3ea...6b.exe

windows7-x64

10

0144a7d3ea...6b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0144a7d3ea564aa29856fc657c53c96b

  • Size

    838KB

  • Sample

    231229-xthgbsgbaj

  • MD5

    0144a7d3ea564aa29856fc657c53c96b

  • SHA1

    a88464df35f022a1f22ac8b07d4b0faea177ea53

  • SHA256

    835cf0393c0d695629ae18ef8e41b28a75dc0df98d8572f77394ddc5b8e0ec16

  • SHA512

    e8f6dc50c6be523e0dffc2167bc81db2a5c7f6229176122f805bfbde0ffeae34ebba343db4e1f97391b79fa2253b04986e17dfc471a6a30f3e82e8a9ee255920

  • SSDEEP

    12288:1caQxt8r8ZIPbgDPwFVt2NjFl58l+NI7mwvXk92aQyMFSE5xTpSsBVkC7ojwI0jE:UZeb0wFVMNjbCl+CdJxFrxTpZkC2F0

Score
10/10
xloaderwufnloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy

rsautoluxe.com

theroseofsharonsalon.com

singnema.com

nathanielwhite108.com

theforumonline.com

iqpt.info

joneshondaservice.com

fafene.com

solanohomebuyerclass.com

zwq.xyz

searchlakeconroehomes.com

briative.com

frystmor.city

systemofyouth.com

sctsmney.com

tv-safetrading.com

thesweetboy.com

occulusblu.com

pawsthemomentpetphotography.com

travelstipsguide.com

Targets

    • Target

      0144a7d3ea564aa29856fc657c53c96b

    • Size

      838KB

    • MD5

      0144a7d3ea564aa29856fc657c53c96b

    • SHA1

      a88464df35f022a1f22ac8b07d4b0faea177ea53

    • SHA256

      835cf0393c0d695629ae18ef8e41b28a75dc0df98d8572f77394ddc5b8e0ec16

    • SHA512

      e8f6dc50c6be523e0dffc2167bc81db2a5c7f6229176122f805bfbde0ffeae34ebba343db4e1f97391b79fa2253b04986e17dfc471a6a30f3e82e8a9ee255920

    • SSDEEP

      12288:1caQxt8r8ZIPbgDPwFVt2NjFl58l+NI7mwvXk92aQyMFSE5xTpSsBVkC7ojwI0jE:UZeb0wFVMNjbCl+CdJxFrxTpZkC2F0

    Score
    10/10
    xloaderwufnloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks