General

  • Target: 568af775c70dc6789e84a95a7b9cbd0b
  • Size: 502KB
  • Sample: 240112-qcwjasgebj
  • MD5: 568af775c70dc6789e84a95a7b9cbd0b
  • SHA1: 87458784e0b2a171dbef7b5c94c85a5d94596cdf
  • SHA256: ecbd46c265b67d75964db9233ccd1f26710d56ab7f649845e44f59d55db4251b
  • SHA512: 91d9683cd6d1bbfad866edc74c84572cd1e22b85c378137faa3ded17add5647756970ec797668629bbb8e16433a200b5d0dee8ce5e8e1bd51630fd742923cdd4
  • SSDEEP: 12288:2+UOMuJLk2Nv9WChRRoYccN+5mVvBG15vckXBWf4mY2im1O:+OMmLk27ROBmVvg7c

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: bp39
  • Decoy:

Targets

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader payload

  • Checks computer location settings

    Looks up the country code configured in the registry, likely for geofencing.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution: Scheduled Task/Job (T1053), 1 match
  • Persistence: Scheduled Task/Job (T1053), 1 match
  • Privilege Escalation: Scheduled Task/Job (T1053), 1 match
  • Discovery: Query Registry (T1012), 1 match; System Information Discovery (T1082), 2 matches