Overview

overview

10

Static

static

3

win32.exe

windows7-x64

10

win32.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    win32.exe

  • Size

    370KB

  • MD5

    a9603bd99100cac3d701d5294228bf19

  • SHA1

    10b504ddd800474cd328ce3600b68698c52c342f

  • SHA256

    56f6ae8977212fbc76c8395b969260cbb6daa8e73a6118b0e1493ab71722ddc8

  • SHA512

    549c3bcf0e1ccea52e1ee48a893b801ff77dbb99dde1752e563e8b042009cad08d1ce4448e9bd27ee6353916beb2767c897d3631f7303f3cba77d31d80a57ac2

  • SSDEEP

    6144:45yeUG+CmIqC73I6OYBmVX8cp6RetfXhdJo7LgBq1KfXr/UV1qi:45bDKIqCk6jEscpieNXhdOPM0Kvr/pi

Score
10/10
xloadere8mcloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

e8mc

Decoy

cristiansantacruz.com

martijnvanderlinden.media

magen-tracks.xyz

sdghotel.com

vigilantmagazine.com

baihuaresort.com

zealoteck.com

qr-world.info

madousp.info

gmailcoo.com

beautychoicecosmetics.com

ninjadigitalmarketing.net

bestdormroomessentials.com

partsground.com

nhimlike.com

onatstore.com

zoisalud.com

atxrepublicans.com

spellsislam.com

about-sexy.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader family
    xloader
  • Xloader payload 3 IoCs
    rat

Processes

  • C:\Users\Admin\AppData\Local\Temp\win32.exe
    "C:\Users\Admin\AppData\Local\Temp\win32.exe"
    1⤵
      PID:2360

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2360-2-0x0000000000910000-0x0000000000A10000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2360-1-0x0000000000400000-0x0000000000854000-memory.dmp

      Filesize

      4.3MB

      Download

    • memory/2360-4-0x0000000000400000-0x0000000000854000-memory.dmp

      Filesize

      4.3MB

      Download

    • memory/2360-3-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

      Download