General

  • Target

    ddcbbbf57d993b67a8ad5ddf57be87bd

  • Size

    1.0MB

  • Sample

    240325-mk9jcagc4s

  • MD5

    ddcbbbf57d993b67a8ad5ddf57be87bd

  • SHA1

    e3ff4511baccd7dc64b538031bb359dd89e4d5fd

  • SHA256

    949ccbf2f4c1c61c3a3a09ff00448e2bc55421fa6d85479c11386813fa8f3f68

  • SHA512

    504b231d42e461a716de9c17ee30f6851cf5a6c00c54a8f5efe7fb22a4fa1e817c808c6711cfdf7e6498087101db8b67c73057b240c56664258f634e82bcec9b

  • SSDEEP

    12288:UCSqrIBNFRyaTymzVc4DlJvnOmcTFqup4l5RkQp36YyO+A:Uz6IBLRX2EJPOm7u05RkU3

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bp39

Decoy

(C2 candidate list. A Formbook/Xloader config embeds many domains of which only one is the live C2; the bot also contacts the decoys to hide it, and decoy entries are often unrelated legitimate sites. Treat a single hit on one of these as weak evidence and block or attribute on the set as a whole, not on any one entry.)

glembos.com

adjud.net

beautifyoils.com

chilewiki.com

duxingzi.com

happygromedia.com

restpostenboerse.com

vowsweddingofficiants.com

ladingjiwa.xyz

keepmakingefforts-001.com

yeniao.net

eyildirmaz.com

sayanghae.com

promoteboost.com

lzft.net

proudindiacompany.com

birchwoodmeridianlink.com

mesinionisasi.com

wwwrigalinks.com

wewearthepants.com

Targets

    • Target

      ddcbbbf57d993b67a8ad5ddf57be87bd

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer; the extracted config above (family xloader, version 2.3, campaign bp39) is the family's standard C2/decoy list.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the step in process hollowing and thread hijacking that redirects execution into injected code. Formbook/Xloader is documented to run its payload this way inside a legitimate-looking host process, so this signature is consistent with the family verdict rather than an independent finding.
