General

  • Target

    aadcd602f69111df4791a831c13b56aa

  • Size

    575KB

  • Sample

    240228-drs1hahh6x

  • MD5

    aadcd602f69111df4791a831c13b56aa

  • SHA1

    e06feef58b1593bd621841e6830a07cba62d7436

  • SHA256

    af53857494098f61e0d8a32a827f86666dd6ee43931803f239b45b9927a79300

  • SHA512

    d3ab35e5dd03d1e32c502d61c531fc9bb85e97c4749eecaff716ac93951412e29e5db0311562fc3dbe4301b65585352f510fe344691720787c9a8cfa5a6f90c9

  • SSDEEP

    12288:FVn++cSFnVaPOCHSXJsSfNt0v4ojbxbZSExm+krRr/za3vYXFmygKlp:/r7XJFfEj5ZI7gKlp

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

    • Target

      SWIT BANK PAPER PAYMENT-pdf.exe

    • Size

      597KB

    • MD5

      cb85be6f170d6b63c588f9cd5f13c353

    • SHA1

      c7712175385971beeeff989d0b798033fcf7cd00

    • SHA256

      ee929bc954e0c858ca17de372ed70ec02343b1c48ab6631c07c60550a8da7b4d

    • SHA512

      86101fd4fd69fd15b950fb72d0c8a15cb1a0ff862590d06ccc34e2334ce6510fb4b21f58f7d062499ece0df045d4f83118b168776350f04a542b553ae575869d

    • SSDEEP

      12288:NTfMGH02iNv4sX7yJDKY2E6gPSX2XrRbHVOzSm/rKP:pJH01usX7ykY2HgPSm710Om/

    Score

    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks