General

  • Target: d3344f685e1963f478711ee2d2d86c48
  • Size: 521KB
  • Sample: 240318-lxghnaee8z
  • MD5: d3344f685e1963f478711ee2d2d86c48
  • SHA1: 6203016b209ecb8d1d4cfc4ffa0a885a33ffa3a8
  • SHA256: cc92eda0a8290172b29b51ff05fa235ffd0389fce74d0a40d0e5cc1e4af11497
  • SHA512: 73f901c6c89e63beaf9638442200aa87b5ba2a988080c262392252a8b3d882451e9e16057fdd0478e391861f951d621ac71d6e7119d5aecc8d2e47a7cb69e5df
  • SSDEEP: 12288:7K0B1UX1uPN8WHj0Mu6X2gnb0Wt6qwLP9fYlCtcJzkM:u0B4UN8WHj0D07b0q6xfYWM

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: n58i
  • Decoy:
      nl-cafe.com
      votetedjaleta.com
      britrobertsrealtor.com
      globipark.com
      citysucces.com
      verisignwebsite-verified.com
      riddlepc.com
      rosecityclimbing.com
      oleandrinextract.com
      salmankonstruksi.com
      needhamchannel.com
      refreshx2z.com
      youth66.com
      pla-russia.com
      halloweenmaskpro.com
      exdysis.com
      1gcz.com
      lookgoodman.com
      rlxagva.com
      stlcityc.com

Targets

    • Target: d3344f685e1963f478711ee2d2d86c48
    • Size: 521KB
    • MD5: d3344f685e1963f478711ee2d2d86c48
    • SHA1: 6203016b209ecb8d1d4cfc4ffa0a885a33ffa3a8
    • SHA256: cc92eda0a8290172b29b51ff05fa235ffd0389fce74d0a40d0e5cc1e4af11497
    • SHA512: 73f901c6c89e63beaf9638442200aa87b5ba2a988080c262392252a8b3d882451e9e16057fdd0478e391861f951d621ac71d6e7119d5aecc8d2e47a7cb69e5df
    • SSDEEP: 12288:7K0B1UX1uPN8WHj0Mu6X2gnb0Wt6qwLP9fYlCtcJzkM:u0B4UN8WHj0D07b0q6xfYWM
    • Score: 10/10

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Blocklisted process makes network request
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks