General

  • Target: 0fe81d4f8de665d348edb7e4e92ae097
  • Size: 221KB
  • Sample: 231230-f22fqsffb7
  • MD5: 0fe81d4f8de665d348edb7e4e92ae097
  • SHA1: ecc775101e19d1371797c0861a6fde3a8586ea67
  • SHA256: 4c4b0d0b5d89c472ca45d7d9ca5b2047e291f989660723c477f1443d39297a3e
  • SHA512: 3ecf43562f0f52d826cd20eba334163b1630c7ae8219620e2a0c63a080525e0c2f0e86075b1d1b10589ffd67696972b08c119481c87e3a3537719afc334ee32a
  • SSDEEP: 6144:UuUZdwb+lox+VrO6JxheyVTdpnHQZJi+mGSnL:UDwb+l4+VjJxfBdpUJivnL

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: noi6
  • Decoy domains:
    yow.today
    rkdreamcreations.com
    etheriumtech.com
    stretchwrench.com
    kiddiecruise.com
    stickforward.com
    videocineproduccion.com
    roofinginamerica.com
    amarillasnuevomexico.com
    armfieldmillerripley.com
    macyburn.club
    lvbaoshan.com
    shopshelponline.com
    thebunnybrands.com
    newsxplor.com
    momunani.com
    rebelnqueen.com
    tusguitarras.com
    nexab2b.com
    e3office.express

Targets

    • Target: 0fe81d4f8de665d348edb7e4e92ae097
    • Signatures:
      Xloader (Xloader is a rebranded version of Formbook malware.)
      Xloader payload
      Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks