General

  • Target

    0abcaa941295f04d8c1f625ccab318f9

  • Size

    884KB

  • Sample

    231230-cam79ahbg5

  • MD5

    0abcaa941295f04d8c1f625ccab318f9

  • SHA1

    48e9bdea962102bebe6017c69d1c90f08cda9403

  • SHA256

    48b77a7e7a63c87ea63c7a592873f346955e2ed25792aaf37aed568bf92df040

  • SHA512

    e70ea79c1bb7d65f5ab9efdf58519c2da5ec32b1632dcd3ba6a6e67292aad0fa49438701ad8e87233b9cadac37a483fa6bc5cf293335406e5214f60d43daa520

  • SSDEEP

    24576:6zp/3c/hA/KIwADpgxdT3IqZgQ/cc3FUMj+pwF2:61Mq/KpOyg7F4xo

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

dfa8

Decoy

rocketgoldcorp.com

bdsportslive.com

szldbxg.com

teavelersjournal.com

nilmiro.com

empporiocar.com

xishuophp.net

multigremiosmadrid.com

tucsonlot.com

fitnessketo.com

ourhomeimprovements.com

fletcher-windows.com

shab834.com

neggouyadla.com

helps-support.net

waterst.one

schoolforshapers.com

shubhshaktinidhi.com

vintatts.com

ykmmailer18.com

Targets

    • Target

      PO24535363.exe

    • Size

      810KB

    • MD5

      cad47481ee480d7808407d1b82c59d6b

    • SHA1

      ea048eee92361095b568fbc8de772a6788e186d1

    • SHA256

      590387feecd3df6131ffd646c5e4a9e597b6e216c56d7a1eb010b16164281144

    • SHA512

      4d245ed227a62e2b3c2dfca61f20bc6fa5c81c09ca1c87c0292f21db39a936c81942f37f365b3357348aa022508d19bd152285d0930efd7e7633c355c9c115e6

    • SSDEEP

      12288:GxdOwKLvAcdZYkMypFtK+1mATyZVKy3jnYZdLKSb55cRANAZCAAb/9nMAzN4F6/c:GnORAcPMO1g3jngBbQQ

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1

  • Persistence

    Scheduled Task/Job (T1053): 1

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks