Overview

overview

10

Static

static

3

23962f311c...11.exe

windows7-x64

10

23962f311c...11.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 01:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23962f311cb6016e8f5a84ceb3bab011.exe

  • Size

    936KB

  • MD5

    23962f311cb6016e8f5a84ceb3bab011

  • SHA1

    684290eac2e8dab2b2f3d7d3e598cc87306c1840

  • SHA256

    1086e2faa19287c271b669be3118a0509f3547cbe638e7f783d0c691be084be8

  • SHA512

    b38324d8d0ef841dd536cd04aa8fb04975353bd7cdde56553ae298cbc743200e0c40e48c36d1c66802a8cce1caf051d7a62d7fbc3be9aafa3950e263318699f3

  • SSDEEP

    24576:zTd8cS/d3YK64J3S0R5z2xICwcQo1+HisZzoH:HBK64Ji0R12Ce1KFzo

Score
10/10
xloaderwufnloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy

rsautoluxe.com

theroseofsharonsalon.com

singnema.com

nathanielwhite108.com

theforumonline.com

iqpt.info

joneshondaservice.com

fafene.com

solanohomebuyerclass.com

zwq.xyz

searchlakeconroehomes.com

briative.com

frystmor.city

systemofyouth.com

sctsmney.com

tv-safetrading.com

thesweetboy.com

occulusblu.com

pawsthemomentpetphotography.com

travelstipsguide.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • CustAttr .NET packer 1 IoCs

    Detects CustAttr .NET packer in memory.

  • Xloader payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23962f311cb6016e8f5a84ceb3bab011.exe
    "C:\Users\Admin\AppData\Local\Temp\23962f311cb6016e8f5a84ceb3bab011.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Users\Admin\AppData\Local\Temp\23962f311cb6016e8f5a84ceb3bab011.exe
      "C:\Users\Admin\AppData\Local\Temp\23962f311cb6016e8f5a84ceb3bab011.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2512-13-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize

    160KB

    Download
  • memory/2512-17-0x00000000011A0000-0x00000000014EA000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2512-16-0x00000000011A0000-0x00000000014EA000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/4528-1-0x0000000074620000-0x0000000074DD0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4528-10-0x0000000005640000-0x0000000005650000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4528-0-0x0000000000B00000-0x0000000000BF0000-memory.dmp
    Filesize

    960KB

    Download
  • memory/4528-7-0x00000000058C0000-0x0000000005916000-memory.dmp
    Filesize

    344KB

    Download
  • memory/4528-6-0x0000000005690000-0x000000000569A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4528-8-0x0000000005BD0000-0x0000000005BE2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4528-9-0x0000000074620000-0x0000000074DD0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4528-2-0x0000000005560000-0x00000000055FC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/4528-11-0x0000000006DD0000-0x0000000006E48000-memory.dmp
    Filesize

    480KB

    Download
  • memory/4528-5-0x0000000005640000-0x0000000005650000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4528-15-0x0000000074620000-0x0000000074DD0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4528-4-0x0000000005730000-0x00000000057C2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4528-12-0x0000000006E60000-0x0000000006E90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4528-3-0x0000000005C40000-0x00000000061E4000-memory.dmp
    Filesize

    5.6MB

    Download