General

  • Target

    badf94c4898506f661a4715e52461bc1

  • Size

    1.1MB

  • Sample

    240308-k6gz4scc5y

  • MD5

    badf94c4898506f661a4715e52461bc1

  • SHA1

    dcff24b30914e6a30f3931a002c7036e99b7408b

  • SHA256

    34923fa008ddbdd9383ab679bd203cea2ee96ecb029569e431475a4b10b44d05

  • SHA512

    9d8c4ff8896b831f198a4ac9dc96d2b868b831cc2767fbb49560c66d4093214cb5955038e326cc5ff12c685806c0c310796a6f8ecfd6906dcdd815358c937861

  • SSDEEP

    24576:jo2A4dODYhSWYgvjIkTgaONtJEWUdZZ5/NJKaod:Ub5zWYGj7gz3yv3JKld

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy

rsautoluxe.com

theroseofsharonsalon.com

singnema.com

nathanielwhite108.com

theforumonline.com

iqpt.info

joneshondaservice.com

fafene.com

solanohomebuyerclass.com

zwq.xyz

searchlakeconroehomes.com

briative.com

frystmor.city

systemofyouth.com

sctsmney.com

tv-safetrading.com

thesweetboy.com

occulusblu.com

pawsthemomentpetphotography.com

travelstipsguide.com
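One practical use of the extracted decoy list above is matching it against DNS logs. The script below is an added example, not part of the sandbox report: it embeds the domains verbatim from the configuration above, parses a constructed, hypothetical DNS log format (`<iso-timestamp> <source-ip> query <qname>`), and only raises an alert when one host resolves several distinct domains from the list inside a short window. The threshold and window are tuning assumptions, not values from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains copied from the extracted xloader 2.3 "wufn" config above.
DECOY_DOMAINS = {
    "rsautoluxe.com", "theroseofsharonsalon.com", "singnema.com",
    "nathanielwhite108.com", "theforumonline.com", "iqpt.info",
    "joneshondaservice.com", "fafene.com", "solanohomebuyerclass.com",
    "zwq.xyz", "searchlakeconroehomes.com", "briative.com", "frystmor.city",
    "systemofyouth.com", "sctsmney.com", "tv-safetrading.com",
    "thesweetboy.com", "occulusblu.com", "pawsthemomentpetphotography.com",
    "travelstipsguide.com",
}

# Hypothetical log format, assumed for this example: "<iso-ts> <src-ip> query <qname>".
DNS_LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query\s+(?P<qname>\S+)$")

# Constructed sample log lines (not from the report): 10.0.0.5 hits three
# listed domains within seconds; 10.0.0.9 hits two, half an hour apart.
SAMPLE_DNS_LOG = """
2024-03-08T10:00:01 10.0.0.5 query rsautoluxe.com
2024-03-08T10:00:02 10.0.0.5 query www.singnema.com.
2024-03-08T10:00:03 10.0.0.5 query zwq.xyz
2024-03-08T10:00:04 10.0.0.5 query update.microsoft.com
2024-03-08T10:30:00 10.0.0.9 query theforumonline.com
2024-03-08T11:00:00 10.0.0.9 query fafene.com
""".strip().splitlines()


def matches_ioc(qname, iocs=DECOY_DOMAINS):
    """Return the listed domain that qname equals or is a subdomain of, else None.

    Trailing dots and case are normalised; 'notzwq.xyz' must NOT match 'zwq.xyz',
    which is why the subdomain check requires a leading '.' separator.
    """
    q = qname.rstrip(".").lower()
    for d in iocs:
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns_log(lines, min_distinct=3, window=timedelta(minutes=5)):
    """Group IOC hits per source host and alert when a host queries at least
    min_distinct distinct listed domains inside one sliding window.

    Returns {src_ip: sorted list of matched domains} for alerting hosts only.
    """
    hits = defaultdict(list)
    for line in lines:
        m = DNS_LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        d = matches_ioc(m["qname"])
        if d:
            hits[m["src"]].append((datetime.fromisoformat(m["ts"]), d))

    alerts = {}
    for src, events in hits.items():
        events.sort()
        for t0, _ in events:
            in_window = {d for t, d in events if t0 <= t <= t0 + window}
            if len(in_window) >= min_distinct:
                alerts[src] = sorted(in_window)
                break
    return alerts


if __name__ == "__main__":
    for src, domains in scan_dns_log(SAMPLE_DNS_LOG).items():
        print(f"ALERT {src}: {len(domains)} listed domains: {', '.join(domains)}")
```

The per-host, multi-domain threshold matters because the domains in a Formbook/Xloader configuration are mostly unrelated, often legitimate sites that the implant contacts alongside its real command-and-control server; a single lookup of one of them is weak evidence, while a burst of lookups across several of them from one host is the pattern worth paging on. Adjust `min_distinct` and `window` to your log volume before deploying.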

Targets

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks