General

  • Target: 7d0fdfd383c5323cda8b2192141c6da4
  • Size: 707KB
  • Sample: 240128-n5dg3sbhfn
  • MD5: 7d0fdfd383c5323cda8b2192141c6da4
  • SHA1: 17b67b94986255ab0da130d0113330719af2abac
  • SHA256: c6851d4bfcc3b1845ed1ca30aec2c03e658b94cbba0a6d5e398c9da9b6b461a2
  • SHA512: ea5b9cdfca0fb030073993aeeddbb3cc78b15c2838560241b49a775e17244e051e06de86d905af751c54897e9c2b20e56c807818ad2d6640d2aa8a055a899603
  • SSDEEP: 12288:ZAQSsBEMuKQ1+3vx+IpOAjyjy+GbMDr5gCD0iJWH4C7lslSodbPAmK+At:LJBEZM3vqky0kWCIiMHlyldJ9At

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: n58i

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
