General

  • Target: c1ab0cd682c0c413e3a97367a956c4df.bin
  • Size: 788KB
  • Sample: 240313-c4xc1scf43
  • MD5: c1ab0cd682c0c413e3a97367a956c4df
  • SHA1: 42e55a771d90cde1ab5b43e95a567dc6a838e791
  • SHA256: f288b16da5d90835bd0d44ea4abf3a81d249c3470997edca80a61fcb5866a526
  • SHA512: 8c125f0c63435af7a99f70afecd9a391ac3bb91be58b58f6fc503fbdfc2d72707679ce808f1d85c73bbb508a6212f597f7708b7383f5efca3018c9d925ab5994
  • SSDEEP: 12288:Xe4mNPh8Hr4XpFym6jT0SU/VqBckWjQjb7mDuDDn2iN:Xehhs4XpomqTlqVChbr/1

Score: 10/10

Malware Config (Extracted)

  • Family: xloader
  • Version: 2.3
  • Campaign: b8eu
  • Decoy domains:
      ppslide.com
      savorysinsation.com
      camilaediego2021.com
      rstrunk.net
      xianshikanxiyang.club
      1borefruit.com
      ay-danil.club
      xamangxcoax.club
      waltonunderwood.com
      laurabissell.com
      laurawmorrow.com
      albamauto.net
      usamlb.com
      theoyays.com
      freeitproject.com
      jijiservice.com
      ukcarpetclean.com
      wc399.com
      xn--pskrtmebeton-dlbc.online
      exclusivemerchantsolutions.com

Targets

    Score: 10/10

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
