General

  • Target

    62e5f9e6e96c2c909b35a2390cb98f4d

  • Size

    341KB

  • Sample

    240117-sc5s3shhh9

  • MD5

    62e5f9e6e96c2c909b35a2390cb98f4d

  • SHA1

    2d29955f87f75213c175d642529821fc3cd056f4

  • SHA256

    0010e3a112410a6b692ec8d6b9310c9c27bfbafc86f8ec093899fbecede1426d

  • SHA512

    19589c16885dcbbe7d229a74a4e43d97667acf1e972795edffe1af886e08bb40a3351b945d689ccf49ec2e2b3b0f058572c990467e6afc7916c4fe9429703bfe

  • SSDEEP

    6144:iBrf0xh3Hfr5YwuLpVjG8KBk7cOYBm9y246kQguIQ+X3PIfcA5BNKd0:Erf0P3HD5YgDmYBmlVkQnI93Ico80

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pagi

Decoy (domains from the extracted config that the sample contacts alongside its real C2 to mask it; this output does not distinguish the true C2 from the decoys, and Formbook-style decoy lists usually contain legitimate sites, so treat the list as an indicator set rather than a blocklist)

makehrworkable.com

sound-wisdom.com

blacts.com

caenantglamping.com

meridiancpas.com

draughtedinn.co.uk

windywoodshc.com

mintmovileplus.com

pubgeventdailylogin.com

thesocialdzr.com

holapv.com

racevc.com

openpula.pro

wepreventstroke.com

autoclosy.com

enginkarabacak.com

15096eec1652.info

buildthefoundation.net

pwilliamberciklaw.com

paramountrevenueadvisors.com
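Because the decoy list mixes the real C2 with unrelated domains, a single proxy or DNS hit on one of them is weak evidence on its own; what stands out is one host touching several listed domains in quick succession, which is how a Formbook/XLoader beacon loop behaves. The following is an added example (not part of the sandbox report or the Tria.ge tooling) that loads the twenty decoy domains above, normalises hostnames from constructed proxy log lines, matches subdomains correctly, and then ranks sources by how many distinct listed domains they contacted. The log format and the sample lines are assumptions made for the example.

```python
"""Match proxy/DNS log hostnames against the XLoader decoy list from this report."""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Decoy domains copied verbatim from the extracted config above.
DECOY_DOMAINS = frozenset({
    "makehrworkable.com", "sound-wisdom.com", "blacts.com",
    "caenantglamping.com", "meridiancpas.com", "draughtedinn.co.uk",
    "windywoodshc.com", "mintmovileplus.com", "pubgeventdailylogin.com",
    "thesocialdzr.com", "holapv.com", "racevc.com", "openpula.pro",
    "wepreventstroke.com", "autoclosy.com", "enginkarabacak.com",
    "15096eec1652.info", "buildthefoundation.net", "pwilliamberciklaw.com",
    "paramountrevenueadvisors.com",
})

# Assumed log layout for the example: "<timestamp> <source-ip> <host[:port]> <path>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<host>\S+)\s+(?P<path>\S+)$")


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot (DNS FQDN form) and any :port suffix."""
    host = host.strip().lower().rstrip(".")
    return host.split(":", 1)[0]


def matching_decoy(host: str, decoys=DECOY_DOMAINS) -> Optional[str]:
    """Return the listed domain that `host` equals or is a subdomain of, else None.

    Matching is done on label boundaries, so 'notblacts.com' does not match
    'blacts.com' while 'www.blacts.com' does.
    """
    labels = normalize_host(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in decoys:
            return candidate
    return None


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, source, normalised host, matched decoy) for each hit."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the scan
        decoy = matching_decoy(m["host"])
        if decoy:
            hits.append((m["ts"], m["src"], normalize_host(m["host"]), decoy))
    return hits


def sources_by_distinct_decoys(hits, threshold: int = 2) -> Dict[str, List[str]]:
    """Sources that contacted at least `threshold` distinct listed domains.

    A user browsing to one legitimate site that happens to be on the list is
    noise; a host cycling through several of them looks like the beacon loop.
    """
    per_src: Dict[str, set] = {}
    for _ts, src, _host, decoy in hits:
        per_src.setdefault(src, set()).add(decoy)
    return {src: sorted(d) for src, d in per_src.items() if len(d) >= threshold}


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-01-17T09:14:02Z 10.0.0.12 www.makehrworkable.com /",
    "2024-01-17T09:14:05Z 10.0.0.12 blacts.com:80 /",
    "2024-01-17T09:14:07Z 10.0.0.12 RACEVC.COM. /",
    "2024-01-17T09:20:40Z 10.0.0.55 mail.example.com /",
    "2024-01-17T09:21:01Z 10.0.0.77 notblacts.com /",
    "2024-01-17T09:22:13Z 10.0.0.77 draughtedinn.co.uk /login",
    "garbage",
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print("hit:", hit)
    print("suspicious sources:", sources_by_distinct_decoys(hits))
```

Raising `threshold` or adding a time window turns this into a usable hunting query; the label-boundary matching is the part most ad-hoc greps get wrong.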

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext is the API used to point a suspended thread at injected code during process hollowing and similar injection; here it is flagged alongside the Xloader payload, consistent with Formbook/XLoader running its payload inside another process.
