General

  • Target: 3235ee16bb12ac83bd145a7d87b09618
  • Size: 749KB
  • Sample: 231231-l7npqaadel
  • MD5: 3235ee16bb12ac83bd145a7d87b09618
  • SHA1: fc38af3749e0d33b38d2c1aa317c39918c494f76
  • SHA256: ac67dec533d5b06a41145ba39ea674e30ed03bd09dabee9e0417bef18943edd7
  • SHA512: e48843263f9fa1364d7296273b58d1becee5f593f8fc203d9eedb78a42f3c3d6d6db6ac6fcd95857f7ac6a405ce8760ff63d33e5070d4532987a74f08dd04d3c
  • SSDEEP: 12288:pbeFZlNhJdLEHgjM+fK8I4nVfcphY/+A:+Z5JdLzu4VfcQ

Score: 10/10

Malware Config

Extracted

Family: xloader
Version: 2.3
Campaign: bp39

Decoy


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks