General

  • Target: 5f26cd5aed834a68b5557e269283d6f0
  • Size: 231KB
  • Sample: 240116-gtga9sfda9
  • MD5: 5f26cd5aed834a68b5557e269283d6f0
  • SHA1: 5d9eba311343c68a77c9c2a50d65199d7cd7f8a8
  • SHA256: 2f313740b13df5c33ef5d7ef6631674ef37428a4a776bbb312fd324b05b5dadd
  • SHA512: b0c15610d8907c424037f86a0a78d58ed6f5592c95b737666e8d543bc8ed6d45dacddd2dd60d7dce3020b3fa376aa25400312bf0aa0cf5668c37abd8511c8827
  • SSDEEP: 6144:VpHZCuh4hbQMmA8nXw9lLkuE8aZzIweYAvUtgx5jzVPe:VxubQMm3nXw9quEjIweP1e

Score
10/10

Malware Config

Extracted

Family: xloader
Version: 2.3
Campaign: p596

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
