Overview

overview

10

Static

static

3

10b55b038f...0N.exe

windows7-x64

10

10b55b038f...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10b55b038f70d21f31cd55f787d44ae0N.exe

  • Size

    743KB

  • Sample

    240727-2sg7dswcqc

  • MD5

    10b55b038f70d21f31cd55f787d44ae0

  • SHA1

    8ffb7bd8228f943c54e5137f1894dc6c8b4a54d3

  • SHA256

    6a648e78826c4e2e6a4c1f984c91cbedadf14344383306d023f4730d481bce05

  • SHA512

    86855a81e92af79055d141f52b73305734763cda1ca4602709e88e819c0e6b6b432bd60b24bde53d07081e2ad20a24dce62e502417be1f6bb665b55f62dea963

  • SSDEEP

    12288:zlqyqREeIzk+ZkO+SaTu8psEd7zp5I56IW3B2kb+tqYtkmJ1M:zNeIzJZkO5qsoPva6hEOsqOk0

Score
10/10
xloaderhfhfdiscoveryloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hfhf

Decoy

ddhh9500.com

lesterkwilson.store

southasianrepublicans.com

azumo.xyz

emptycc.net

lelasthriftboutique.com

redis76.com

marinebelaroi.com

hallibrewerproductions.com

elevareassessoria.com

haozhugou.com

anti-ragebot.com

bardo.xyz

dryerventmastersllc.com

qmhdxu.biz

getgoldentoday.com

crippledom.com

primedispatchers.com

052et.xyz

h2adubai.com

Targets

    • Target

      10b55b038f70d21f31cd55f787d44ae0N.exe

    • Size

      743KB

    • MD5

      10b55b038f70d21f31cd55f787d44ae0

    • SHA1

      8ffb7bd8228f943c54e5137f1894dc6c8b4a54d3

    • SHA256

      6a648e78826c4e2e6a4c1f984c91cbedadf14344383306d023f4730d481bce05

    • SHA512

      86855a81e92af79055d141f52b73305734763cda1ca4602709e88e819c0e6b6b432bd60b24bde53d07081e2ad20a24dce62e502417be1f6bb665b55f62dea963

    • SSDEEP

      12288:zlqyqREeIzk+ZkO+SaTu8psEd7zp5I56IW3B2kb+tqYtkmJ1M:zNeIzJZkO5qsoPva6hEOsqOk0

    Score
    10/10
    xloaderhfhfdiscoveryloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks