Overview

overview

10

Static

static

3

6759456d7f...8d.exe

windows7-x64

10

6759456d7f...8d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d.exe

  • Size

    1.0MB

  • MD5

    89e4639540ba8d5ca09f670c3fa03abe

  • SHA1

    e2d5ca1ff774c27772de84fd00ac22a070df0a2b

  • SHA256

    6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d

  • SHA512

    dde99cfa9d411061a597ebbb4ae306644c39ff1acd09f1e6e525c13e4108f34f9060336fd476e7d0ece3a6bba4d00e18fa3a0a3b245163933f6b722c6e050ac9

  • SSDEEP

    24576:gKZnnYMDx5YtLoooCqumfr6o6xQlBC1kex6eC:gKZnnbDxeZzmfr6pQ3E6e

Score
10/10
xloadertumbdiscoveryloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tumb

Decoy

securitybusinpuff.com

0er3xl.com

christinagriffithlaw.com

yadeck.com

ifne2021.com

companyintl.com

abioduncleaningservices.com

jadeshelf.com

professionalsupply.asia

hnmybella.com

socalpvrepair.com

storeangelbaby.com

rwnw.store

teenypix.com

ncgf34.xyz

vear.club

cursopslucas.com

bmsr.asia

growingyourlist.com

viviesse.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader family
    xloader
  • Xloader payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d.exe
    "C:\Users\Admin\AppData\Local\Temp\6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Users\Admin\AppData\Local\Temp\6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d.exe
      "C:\Users\Admin\AppData\Local\Temp\6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2684-6-0x0000000005CC0000-0x0000000005DB8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2684-0-0x000000007427E000-0x000000007427F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-2-0x0000000074270000-0x000000007495E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2684-3-0x00000000004A0000-0x00000000004B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2684-4-0x000000007427E000-0x000000007427F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-5-0x0000000074270000-0x000000007495E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2684-1-0x0000000000C00000-0x0000000000D08000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2684-7-0x0000000000BB0000-0x0000000000BE0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2684-13-0x0000000074270000-0x000000007495E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2732-12-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2732-9-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2732-8-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2732-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2732-14-0x0000000000D10000-0x0000000001013000-memory.dmp

    Filesize

    3.0MB

    Download