General

  • Target

    37b5ffb512718c3edb571969fb63b0c2

  • Size

    826KB

  • Sample

    231231-qkp2gscda4

  • MD5

    37b5ffb512718c3edb571969fb63b0c2

  • SHA1

    e834163f582242dde55265338c3cc6445293c1f5

  • SHA256

    c21a5d43b11091efa59562014f69a1996464c7e62b3656b56fad6b521c0d901b

  • SHA512

    ccefe95cef1811183bb482be6f8e7c5505fc111c944ec8baac240d0da2d46e156f98ae93432bf64d10e6224eb8b528c0660637f819f29e38d069721e08c6d74c

  • SSDEEP

    12288:0IdhD12Srd9glaFVBDCNnLAPDCv71Rd6eSs8uw1uDkQSd3do:eSMa/lUnLgz1n1uwve

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks