General

  • Target: 9ff69cfd1ba247337859693dc4f23908
  • Size: 390KB
  • Sample: 240216-kvx7yseh7w
  • MD5: 9ff69cfd1ba247337859693dc4f23908
  • SHA1: d89eb9221a63e31ccfdf160271ba9d6c546678f0
  • SHA256: aca5906ce824a479fd3899591055ce426b2c2000ccf4c4b2f7ee97c21a1edb53
  • SHA512: e432d5a205563b230a55836f8b759aaa76f220b9334c48f6601b971ea4511424d34b24a607eff6067a7d1173bd956f642cf333246afd483fa3fd412dc4b61bfa
  • SSDEEP: 6144:sOKO3Dtzcy6i85tGxD/kpkAh71jHaJEx/v9ha:RKO3Dtzi7hM8nm

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: b6a4
  • Decoy domains:
    reviewsresolutions.com
    binhminhgardenshophouse.com
    nebulacom.com
    kadhambaristudio.com
    viltoom.club
    supmomma.com
    tjszxddc.com
    darlingmemories.com
    hyperultrapure.com
    vibembrio.com
    reallycoolmask.com
    cumbukita.com
    brian-newby.com
    abstractaccessories.com
    marykinky.com
    minnesotareversemtgloans.com
    prasetlement.com
    xplpgi.com
    xn--gdask-y7a.com
    uababaseball.com

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks