Overview

overview

10

Static

static

3

650e108f6f...fe.exe

windows7-x64

10

650e108f6f...fe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    650e108f6fa66e360adef1852a7342fe

  • Size

    948KB

  • Sample

    240118-lhz2fsgggl

  • MD5

    650e108f6fa66e360adef1852a7342fe

  • SHA1

    d5ace13df0ab55ae7789d5e4f771b58536a5ea6f

  • SHA256

    73ba539a238da72c6f7bd2a0e528db1de3fdd6a1d6217613229c017eb758d4c6

  • SHA512

    96cdddab6447e0fb3b0c12695ea1ebf2a494a1af946342f47648d34712a3d8667890b63c5c4c2da29f608a79de833216d8f412f080d33702fc84dce6cbc088f5

  • SSDEEP

    12288:eDDc9F3nC0Py3gAhGEJbjJEKyzSmxrhQci1291Hq79+ZrE2gajEA03Ugu/T5LBl:fdhhQciy1Hq79+Z3EA2U5

Score
10/10
xloaderwufnloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy

rsautoluxe.com

theroseofsharonsalon.com

singnema.com

nathanielwhite108.com

theforumonline.com

iqpt.info

joneshondaservice.com

fafene.com

solanohomebuyerclass.com

zwq.xyz

searchlakeconroehomes.com

briative.com

frystmor.city

systemofyouth.com

sctsmney.com

tv-safetrading.com

thesweetboy.com

occulusblu.com

pawsthemomentpetphotography.com

travelstipsguide.com

Targets

    • Target

      650e108f6fa66e360adef1852a7342fe

    • Size

      948KB

    • MD5

      650e108f6fa66e360adef1852a7342fe

    • SHA1

      d5ace13df0ab55ae7789d5e4f771b58536a5ea6f

    • SHA256

      73ba539a238da72c6f7bd2a0e528db1de3fdd6a1d6217613229c017eb758d4c6

    • SHA512

      96cdddab6447e0fb3b0c12695ea1ebf2a494a1af946342f47648d34712a3d8667890b63c5c4c2da29f608a79de833216d8f412f080d33702fc84dce6cbc088f5

    • SSDEEP

      12288:eDDc9F3nC0Py3gAhGEJbjJEKyzSmxrhQci1291Hq79+ZrE2gajEA03Ugu/T5LBl:fdhhQciy1Hq79+Z3EA2U5

    Score
    10/10
    xloaderwufnloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks