General

  • Target

    e21a1e246b938b69433525682ee0f48c

  • Size

    529KB

  • Sample

    240327-txe9labc2s

  • MD5

    e21a1e246b938b69433525682ee0f48c

  • SHA1

    6b795d614d7921f177b14ad27c1bec25a903fdba

  • SHA256

    355dd96121c1930f9c9c0f94b6474d5cbeb3bcfd6a7c51a043674cc79a26c891

  • SHA512

    3c511e7e1f6688588a4843d1d76c38bd9c0327bca67967ccb0fa7416b64dd895fc1a7eb3735fc12cf4af0009539d059b194a2ede5638c5f123cdf2645e1c6fa6

  • SSDEEP

    12288:XhQVh9a17gNm5YnXDdx2OjKhNHySntnWjCTax4PdcGsBZrRHAcPo6:XhQVh9FDdx2GKzSStQCTax4PdcGsBZrZ

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    pagi

  • Decoy

    makehrworkable.com
    sound-wisdom.com
    blacts.com
    caenantglamping.com
    meridiancpas.com
    draughtedinn.co.uk
    windywoodshc.com
    mintmovileplus.com
    pubgeventdailylogin.com
    thesocialdzr.com
    holapv.com
    racevc.com
    openpula.pro
    wepreventstroke.com
    autoclosy.com
    enginkarabacak.com
    15096eec1652.info
    buildthefoundation.net
    pwilliamberciklaw.com
    paramountrevenueadvisors.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks