General

  • Target: 7ad7a7ae41b5f19f2d2d6c59bf43620c
  • Size: 622KB
  • Sample: 240127-v2he7agfe7
  • MD5: 7ad7a7ae41b5f19f2d2d6c59bf43620c
  • SHA1: b4edfec25ad5260e9a9dd4e9cda9bcf937367fe8
  • SHA256: 31390820ca940a19f0eeaed5b38b27f7cd78317adf40489882b3de038c2ad857
  • SHA512: 14f935d16e44e6255b7901da3bbb68289d74d30d150fcd1864c50c04916ead3763f676c5947fcac502d3c376f28a49c21be855013a33a33dd9687fd0acf7880b
  • SSDEEP: 12288:22JlO5RfW4y816oYKUZ/RUmfvaFlQrFqGv8660fmn8VqvO6M29S:22JluRfWI6oYBxR2FoFqGvZ60UOo9S

Score: 10/10

Malware Config

Extracted

Family: xloader
Version: 2.3
Campaign: n58i

Decoy


Targets

    • Target: 11317693065_03162021.exe
    • Size: 847KB
    • MD5: e079f05837536051b8b3cfa9884a5ff7
    • SHA1: cf1f565bf2fb23f78948329641f1eafe8a14c078
    • SHA256: 35e50a9d07903f1987a19115dfecdea79cec0844a04883e47106a2969d496ee6
    • SHA512: 12e37b76190748a39aad482b45b9a4aa547695a7c440a2ed2dbd5f10214c7ead3fcfd6e3ac142df29dc431fb53ab906007b5fb21cdf8769e536d641ab9bd3398
    • SSDEEP: 12288:+jmuRRyzFy6YNsIHi3dwIMbHq2Aq19sJHO3mKCHcjQMCY2Y7FNNz+ETv:b86Y9HiNwIymqzsHHcjyYl7FNNaET

    Score: 10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks