General

  • Target: bcb8edad207d3bb5bebf272d81ae402a
  • Size: 1.0MB
  • Sample: 240309-y6tksshd62
  • MD5: bcb8edad207d3bb5bebf272d81ae402a
  • SHA1: 8400d843124579a019ca14ed4db9ceae0d29d153
  • SHA256: bf0f75ba6e9771e814206d0021137e7a88ce15a98a211ffe73a7bedfa96892b8
  • SHA512: 1a7c98a4ce5aa19318bc5cd3d9b6a8adee69279edda616ff7775b208742d4263825fb837aa976cdf61b81d1a605f734ff402ada63417e643b666987c8d7eb760
  • SSDEEP: 12288:oxZi970EiCkJAu4RHYdnBu+JsCBdpUsKXGpnrDdvPPsKiegbaUJxHNBcO:oxZYtRHYdBlBo2FrJvMqmrV

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

a0ce

Decoy

chennaiprintshop.com

criminallawbd.com

www140800.com

southernleaflounge.com

moderngypsydesignlabs.com

bioarmourtech.com

simplyalina.com

picnicdepot.com

peshawarsc.com

innovativecustomcabinetry.com

fzju-ovrzw.xyz

63mews.com

giovannitarga.com

modernofficeaccessories.com

a2zpetcare.net

online-nb.com

brateix.info

bosc.pro

xcarethospitality.com

sedulabs.com

Targets

    • Target: bcb8edad207d3bb5bebf272d81ae402a
    • Size: 1.0MB
    • MD5: bcb8edad207d3bb5bebf272d81ae402a
    • SHA1: 8400d843124579a019ca14ed4db9ceae0d29d153
    • SHA256: bf0f75ba6e9771e814206d0021137e7a88ce15a98a211ffe73a7bedfa96892b8
    • SHA512: 1a7c98a4ce5aa19318bc5cd3d9b6a8adee69279edda616ff7775b208742d4263825fb837aa976cdf61b81d1a605f734ff402ada63417e643b666987c8d7eb760
    • SSDEEP: 12288:oxZi970EiCkJAu4RHYdnBu+JsCBdpUsKXGpnrDdvPPsKiegbaUJxHNBcO:oxZYtRHYdBlBo2FrJvMqmrV

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks