Overview

overview

10

Static

static

3

035b67fa3b...a0.exe

windows7-x64

10

035b67fa3b...a0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    035b67fa3bb0cb05b55b76d8926041a0.exe

  • Size

    680KB

  • Sample

    231231-p2b1hseba7

  • MD5

    035b67fa3bb0cb05b55b76d8926041a0

  • SHA1

    2706e44d0f908da87fca5470aeef0e8d5e3ad5ce

  • SHA256

    c8e7193944ede931e488cd5e85554447e4da772455bad4a8e8b40840d9a5f8e9

  • SHA512

    f4a271493afee4aa2199096a5a76b4c33a99fd06a84764876a230b400de13ed34c3b88dc0cba70e58424fd96855faf31e5bc81b7b8cf8d0a39ad7193b2b6b9d6

  • SSDEEP

    6144:TbPbdEENl1ylR6RmGKcOAbqzZE5QP023A4LSKEO4WQdRx0VrS:D5slRt3Ab8G5/oAfj1tRx

Score
10/10
xloaderb6culoaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6cu

Decoy

votreconseilfinancier.com

wholesaleplay.com

komfy.store

hsyunfan.com

tournamenttips.com

yourbusine.xyz

wrg-referrals.com

harmless-oily.com

whizdomtowealth.com

xusmods.com

cleanerstoday.com

finopscert.com

paerexpress.com

kankb.com

res-o.info

balonpantolon.com

freedownloadbiz.info

jeffegriffin.com

gobahis119.com

ourcalvinsarm.com

Targets

    • Target

      035b67fa3bb0cb05b55b76d8926041a0.exe

    • Size

      680KB

    • MD5

      035b67fa3bb0cb05b55b76d8926041a0

    • SHA1

      2706e44d0f908da87fca5470aeef0e8d5e3ad5ce

    • SHA256

      c8e7193944ede931e488cd5e85554447e4da772455bad4a8e8b40840d9a5f8e9

    • SHA512

      f4a271493afee4aa2199096a5a76b4c33a99fd06a84764876a230b400de13ed34c3b88dc0cba70e58424fd96855faf31e5bc81b7b8cf8d0a39ad7193b2b6b9d6

    • SSDEEP

      6144:TbPbdEENl1ylR6RmGKcOAbqzZE5QP023A4LSKEO4WQdRx0VrS:D5slRt3Ab8G5/oAfj1tRx

    Score
    10/10
    xloaderb6culoaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks