General

  • Target

    38f0e944212962eca78d2209e614aa41

  • Size

    548KB

  • Sample

    231231-rapteabgb5

  • MD5

    38f0e944212962eca78d2209e614aa41

  • SHA1

    7b638710352c0374f41374bde07aa2d57263e8f1

  • SHA256

    2579540806631bf43383d340bf445855f71106614b40854ca9cf33265a24f900

  • SHA512

    3a1178bcf072d554c3c758cf2a4f3a083e027069f2d3c13d55a0e27162a14822ce0ecb5c526b27e1d281c995a6d617cf0c27359f9c23a2a433b1afcf8f12ad96

  • SSDEEP

    12288:ddh6sWLa/j55k1d+g4prwwEGmCzwk2UhCFctWlR+NSI:j9vjM14hbx+kthCicfu

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

Decoy


Targets

    • Target

      38f0e944212962eca78d2209e614aa41

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
