General

  • Target

    e079f05837536051b8b3cfa9884a5ff7

  • Size

    847KB

  • Sample

    240327-b6sbeahe63

  • MD5

    e079f05837536051b8b3cfa9884a5ff7

  • SHA1

    cf1f565bf2fb23f78948329641f1eafe8a14c078

  • SHA256

    35e50a9d07903f1987a19115dfecdea79cec0844a04883e47106a2969d496ee6

  • SHA512

    12e37b76190748a39aad482b45b9a4aa547695a7c440a2ed2dbd5f10214c7ead3fcfd6e3ac142df29dc431fb53ab906007b5fb21cdf8769e536d641ab9bd3398

  • SSDEEP

    12288:+jmuRRyzFy6YNsIHi3dwIMbHq2Aq19sJHO3mKCHcjQMCY2Y7FNNz+ETv:b86Y9HiNwIymqzsHHcjyYl7FNNaET

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    n58i

  • Decoy

    nl-cafe.com
    votetedjaleta.com
    britrobertsrealtor.com
    globipark.com
    citysucces.com
    verisignwebsite-verified.com
    riddlepc.com
    rosecityclimbing.com
    oleandrinextract.com
    salmankonstruksi.com
    needhamchannel.com
    refreshx2z.com
    youth66.com
    pla-russia.com
    halloweenmaskpro.com
    exdysis.com
    1gcz.com
    lookgoodman.com
    rlxagva.com
    stlcityc.com

Targets

    • Target

      e079f05837536051b8b3cfa9884a5ff7


    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
