General

  • Target

    c3c180c461a399a1b2c9587574596dc45e4064dfdf63f39aa8a3b7088240cdc5

  • Size

    118KB

  • Sample

    241121-y2f4xawqev

  • MD5

    2c91f5fb613f6875e9065444f7a70e07

  • SHA1

    f9b7091c1b3da5425c52e45c852e8bc7e338cdd0

  • SHA256

    c3c180c461a399a1b2c9587574596dc45e4064dfdf63f39aa8a3b7088240cdc5

  • SHA512

    241800ee0bbdad7447b7b1bab523034ece85ea4d09550416fd48ff65155b9f4f812ca3d634bb72ceb493489d683fcc194783808d72c1cd39042c44fbe1d9f8ed

  • SSDEEP

    3072:cWHx9YEJ6tfezy7iM2elbumkiQWIvOAulLU8/6EMG6:hMEJ4eu7T2YkRWBAsU8y3

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    u8cq

  • Decoy


Targets

    • Target

      b.bin

    • Size

      164KB

    • MD5

      abcf9c4951969838d5f6ba1c366628f2

    • SHA1

      ed7503276c7ffbab2caa4ee5162e9bbda42fa921

    • SHA256

      3a273798af77eead6eb9269b272f25c99a26ca3f6c7e38567249f66484f6edec

    • SHA512

      073cbafd67ca5399e32b52cd2bc4b91161799b955d96f53d1549c113e578f6be7464a30b5f9c649db47045d8e0b19cafde150c1d3f7b4b84529016147b3e2572

    • SSDEEP

      3072:MpW/wWQ5EkDbwmSuoUufCzPwcldRhJYPe+rrWbKpDhwi9F4bb:tTHduoD8IcldR8W+rrjp9D9F4b

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks