General

  • Target

    b19df7d474eac94c92005bf520551b97

  • Size

    1.2MB

  • Sample

    240304-jyf76sde3z

  • MD5

    b19df7d474eac94c92005bf520551b97

  • SHA1

    fc2dfde81d7c102f361ef61d869a76584eea5968

  • SHA256

    8ecf98521a6afce7b4d887f71d610e89904900a1fa56bbfb1739df74b89209d8

  • SHA512

    7f72a4b0c039ced84f17b8f55669f9aa2f7bfeb2b09d3e0a913b3ee289c3fef8dd3f92a68a34347c86d1a6987aa86d935e69dd12e7de823cce0dc86627ae4787

  • SSDEEP

    24576:Z1ggRnGYY88YkzDGPrFEgQZ/PwU0uQHdnkV8uFYCZsGUyfd:/ggRGYY8HTFK4UmSVJYiWAd

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bp39

Decoy (domains the sample beacons to alongside its real C2 to mask it; many are legitimate sites, so treat them as hunt context, not as confirmed C2 or blocklist entries)

glembos.com

adjud.net

beautifyoils.com

chilewiki.com

duxingzi.com

happygromedia.com

restpostenboerse.com

vowsweddingofficiants.com

ladingjiwa.xyz

keepmakingefforts-001.com

yeniao.net

eyildirmaz.com

sayanghae.com

promoteboost.com

lzft.net

proudindiacompany.com

birchwoodmeridianlink.com

mesinionisasi.com

wwwrigalinks.com

wewearthepants.com
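The config above is the useful output of this report, but it is easy to consume it badly (mis-copied hashes, decoy domains pushed straight into a blocklist). The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses the report's label/value layout into a dict, checks that each hash has the length and character set its algorithm implies and that the SSDEEP value has the `blocksize:hash:hash` shape, and emits an indicator bundle in which the file hashes are high-confidence block entries while the decoy domains are tagged hunt-only. `REPORT` is a constructed excerpt reproducing a subset of the values shown above; the key names, the `action` vocabulary and the JSON layout are assumptions made for the example.

```python
"""Parse a sandbox-report hash/config block into an IOC bundle (added example)."""
import json
import re

# Constructed excerpt of the report above (subset of decoy domains); not a live feed.
REPORT = """\
General
Target
b19df7d474eac94c92005bf520551b97
MD5
b19df7d474eac94c92005bf520551b97
SHA1
fc2dfde81d7c102f361ef61d869a76584eea5968
SHA256
8ecf98521a6afce7b4d887f71d610e89904900a1fa56bbfb1739df74b89209d8
SSDEEP
24576:Z1ggRnGYY88YkzDGPrFEgQZ/PwU0uQHdnkV8uFYCZsGUyfd:/ggRGYY8HTFK4UmSVJYiWAd
Family
xloader
Version
2.3
Campaign
bp39
Decoy
glembos.com
adjud.net
keepmakingefforts-001.com
ladingjiwa.xyz
Targets
Target
b19df7d474eac94c92005bf520551b97
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SCALAR_KEYS = {"Family", "Version", "Campaign", "SSDEEP"} | set(HASH_LEN)
LIST_KEYS = {"Decoy"}
# Report headings we recognise but do not capture; they terminate a list.
OTHER_KEYS = {"General", "Target", "Size", "Sample", "Score", "Targets", "Extracted"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def parse_report(text):
    """Label lines select a key; the following line(s) are its value(s).

    Scalar keys take exactly one line; list keys collect lines until the next label.
    """
    cfg = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in OTHER_KEYS:
            key = None
            continue
        if line in SCALAR_KEYS or line in LIST_KEYS:
            key = line
            if key in LIST_KEYS:
                cfg.setdefault(key, [])
            continue
        if key is None:
            continue  # value line with no recognised label: ignore
        if key in LIST_KEYS:
            cfg[key].append(line.lower())
        else:
            cfg[key] = line
            key = None
    return cfg


def validate(cfg):
    """Return human-readable problems; an empty list means the values are well-formed."""
    problems = []
    for name, length in HASH_LEN.items():
        value = cfg.get(name)
        if value is not None and (len(value) != length or not HEX_RE.match(value)):
            problems.append(f"{name}: expected {length} hex chars, got {value!r}")
    ssdeep = cfg.get("SSDEEP")
    if ssdeep is not None:
        parts = ssdeep.split(":")
        if len(parts) != 3 or not parts[0].isdigit():
            problems.append(f"SSDEEP: expected blocksize:hash:hash, got {ssdeep!r}")
    for domain in cfg.get("Decoy", []):
        if not DOMAIN_RE.match(domain):
            problems.append(f"Decoy: not a hostname: {domain!r}")
    return problems


def build_iocs(cfg):
    """Hashes identify this sample (block); decoys mask the real C2 (hunt context only)."""
    indicators = []
    for name in HASH_LEN:
        if name in cfg:
            indicators.append({"type": f"file:{name.lower()}", "value": cfg[name].lower(),
                               "confidence": "high", "action": "block"})
    for domain in cfg.get("Decoy", []):
        indicators.append({"type": "domain", "value": domain, "confidence": "low",
                           "action": "hunt-only",
                           "note": "decoy from extracted config; not confirmed C2"})
    return {"family": cfg.get("Family"), "version": cfg.get("Version"),
            "campaign": cfg.get("Campaign"), "indicators": indicators}


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    errors = validate(parsed)
    if errors:
        raise SystemExit("\n".join(errors))
    print(json.dumps(build_iocs(parsed), indent=2))
```

Run it as-is to get the JSON bundle for the excerpt; to use it on a full report, replace `REPORT` with the page text and extend `OTHER_KEYS` with any further headings the report uses so that the decoy list stops at the right line.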

Targets

    • Target

      b19df7d474eac94c92005bf520551b97

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
