General

  • Target: 81eeaf4481f7bd7911a0df21f33ad8b0
  • Size: 629KB
  • Sample: 240130-j6ez3sbhe3
  • MD5: 81eeaf4481f7bd7911a0df21f33ad8b0
  • SHA1: 6a6ac5fb58fd791066ab2af6baf7c84554f4176f
  • SHA256: 21e8b823a2cd4c48374191ebf96fe30e23c60d6f2bacf83760417a4ed62410d8
  • SHA512: a0e9671cf68782e6de94aad94a362bbabebc8d251b9579eb1dafa859c3e9fc20e607dc6b5b86bddc17e10193545bb092d599d4bed3ef219ecf4516088d908c63
  • SSDEEP: 12288:LErQmafHv/csSjn0wMe+eKrAxEB8YoyXdXVeh:LDmaCjn0rExEBp72

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: m8uk
  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
