General

  • Target

    668d6246b611f9ce2d99a5fe7a5ea837

  • Size

    971KB

  • Sample

    240119-bzh46aebh7

  • MD5

    668d6246b611f9ce2d99a5fe7a5ea837

  • SHA1

    64977e62b942110eef63cb2bede4c9bcc5de734e

  • SHA256

    4e86e4c898bee9c454d8bdef33a2ece96c8da7c2605ec31560ed5006e1b9d83e

  • SHA512

    871cf53e792f072083d21f30919725f7986b851e62d76570a490c549cf636b5b77985387470c4a6207230f1d5c741b6b07ee3875857cb0a6fa1c5beaff91586b

  • SSDEEP

    12288:7/csGI/c1V56JizOdpUdrA9dDdxWigf5sAHixZqsokt2q2EObbY+AN:7A04zOdpUdrC/x7yqq+9

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    bp39

  • Decoy

    glembos.com
    adjud.net
    beautifyoils.com
    chilewiki.com
    duxingzi.com
    happygromedia.com
    restpostenboerse.com
    vowsweddingofficiants.com
    ladingjiwa.xyz
    keepmakingefforts-001.com
    yeniao.net
    eyildirmaz.com
    sayanghae.com
    promoteboost.com
    lzft.net
    proudindiacompany.com
    birchwoodmeridianlink.com
    mesinionisasi.com
    wwwrigalinks.com
    wewearthepants.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks