General

  • Target

    a76c4bccf8ca3cc9a4ce06f4ec164527

  • Size

    1.1MB

  • Sample

    240226-1kg1zsgg37

  • MD5

    a76c4bccf8ca3cc9a4ce06f4ec164527

  • SHA1

    a87a39b0742b6dd4e93b975307251f7d59e1d21c

  • SHA256

    f7f840a7d6ed87875a6376dedef3386e491cfafd01011f27f21b0b2b73a0d6ba

  • SHA512

    30f4872fca6e46bf1cfe11489a98223ae563b3c5f16e5c99576b1b59327eee05b72a647cd8a7c0add22168cb8f4155518c8cd4f62d9b2d2cbee143f184dcd279

  • SSDEEP

    12288:UqQe8f2iNenDlaZbQyI/H1oT0I99a7wcKcDmv57HIS+G95ZZYTtqey+A:W1f6/H1WD9w7wmKIS+UYTg

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bp39

Decoy (Xloader/Formbook embeds a set of legitimate-looking decoy domains alongside its real C2; this report labels all of them as decoys and does not single out the real one, so a single hit on one of these domains is a lead to correlate, not proof of infection)

glembos.com

adjud.net

beautifyoils.com

chilewiki.com

duxingzi.com

happygromedia.com

restpostenboerse.com

vowsweddingofficiants.com

ladingjiwa.xyz

keepmakingefforts-001.com

yeniao.net

eyildirmaz.com

sayanghae.com

promoteboost.com

lzft.net

proudindiacompany.com

birchwoodmeridianlink.com

mesinionisasi.com

wwwrigalinks.com

wewearthepants.com
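
A small IOC triage script for the sample above, added here as an example and not part of the sandbox report or the Xloader analysis. It transcribes the report's hashes and domain list, checks a candidate file against the hashes while treating only SHA-256 agreement as identification (MD5 and SHA-1 are collision-prone), and sweeps DNS log lines for queries that equal or sit under any listed domain without substring false positives. The DNS log format and the log lines are constructed for the example; hash_file, verify_against_report, is_report_sample and sweep_dns_log are names chosen here.

```python
from __future__ import annotations

import hashlib
import re

# IOCs transcribed from the report above (digests of the 1.1MB sample, decoy/C2 list).
REPORT_HASHES = {
    "md5": "a76c4bccf8ca3cc9a4ce06f4ec164527",
    "sha1": "a87a39b0742b6dd4e93b975307251f7d59e1d21c",
    "sha256": "f7f840a7d6ed87875a6376dedef3386e491cfafd01011f27f21b0b2b73a0d6ba",
    "sha512": "30f4872fca6e46bf1cfe11489a98223ae563b3c5f16e5c99576b1b59327eee05"
              "b72a647cd8a7c0add22168cb8f4155518c8cd4f62d9b2d2cbee143f184dcd279",
}
REPORT_DOMAINS = [
    "glembos.com", "adjud.net", "beautifyoils.com", "chilewiki.com",
    "duxingzi.com", "happygromedia.com", "restpostenboerse.com",
    "vowsweddingofficiants.com", "ladingjiwa.xyz", "keepmakingefforts-001.com",
    "yeniao.net", "eyildirmaz.com", "sayanghae.com", "promoteboost.com",
    "lzft.net", "proudindiacompany.com", "birchwoodmeridianlink.com",
    "mesinionisasi.com", "wwwrigalinks.com", "wewearthepants.com",
]
ALGS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict[str, str]:
    """Hex digests of an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path: str) -> dict[str, str]:
    """Same digests for a file on disk, streamed so a large sample is not read at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_against_report(digests: dict[str, str],
                          expected: dict[str, str] = REPORT_HASHES) -> dict[str, bool]:
    """Per-algorithm agreement; hex is lower-cased because feeds differ in case.
    A digest missing from `digests` counts as no match for that algorithm."""
    return {alg: digests.get(alg, "").lower() == expected[alg].lower() for alg in expected}


def is_report_sample(digests: dict[str, str]) -> bool:
    """Identify the file only on SHA-256 agreement; an MD5 or SHA-1 match alone
    is not sufficient because those algorithms are collision-prone."""
    return verify_against_report(digests)["sha256"]


_DOMAIN_SET = {d.lower() for d in REPORT_DOMAINS}


def matching_ioc_domain(qname: str) -> str | None:
    """Return the report domain that `qname` equals or sits under
    (www.glembos.com -> glembos.com). Matching whole labels avoids substring
    false positives such as notlzft.net against lzft.net."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in _DOMAIN_SET:
            return candidate
    return None


# Assumed log shape for this example: "<timestamp> <client-ip> query[<type>] <qname>".
_LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\[\w+\]\s+(?P<qname>\S+)")


def sweep_dns_log(lines) -> list[tuple[str, str, str]]:
    """Return (timestamp, client, ioc_domain) for every query touching the list."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        ioc = matching_ioc_domain(m["qname"])
        if ioc:
            hits.append((m["ts"], m["client"], ioc))
    return hits


# Constructed log lines for demonstration; not captured from the sandbox run.
SAMPLE_DNS_LOG = [
    "2024-02-26T13:41:02Z 10.0.0.17 query[A] www.glembos.com",
    "2024-02-26T13:41:03Z 10.0.0.17 query[A] login.microsoftonline.com",
    "2024-02-26T13:41:09Z 10.0.0.42 query[AAAA] ladingjiwa.xyz.",
    "2024-02-26T13:41:10Z 10.0.0.42 query[A] notlzft.net",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python triage.py <candidate-file>
        print("matches report sample:", is_report_sample(hash_file(sys.argv[1])))
    for ts, client, ioc in sweep_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {ioc}")
```

Because the domain list mixes decoys with the real C2 and the decoys are ordinarily real, benign sites, a DNS hit from this sweep identifies a host to examine (process tree, injected process, outbound connections), not a confirmed infection; the hash check, by contrast, identifies this exact file.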

Targets

    • Target

      a76c4bccf8ca3cc9a4ce06f4ec164527

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer, sold as malware-as-a-service since 2020.

    • Xloader payload

    • Suspicious use of SetThreadContext (rewriting another thread's context is typical of process hollowing/injection, consistent with Xloader running its payload inside a different process)
