General

  • Target

    e59eb754d888a62343b5841ced3c14611f32eb996446947e83cdfc387838bf0f

  • Size

    800KB

  • Sample

    241121-za6e6axkhs

  • MD5

    159e75b3c44a35229d3f9c8c2529bca4

  • SHA1

    8554e2f60aca129f55dcccbc7a42befd437e3521

  • SHA256

    e59eb754d888a62343b5841ced3c14611f32eb996446947e83cdfc387838bf0f

  • SHA512

    d60eec0b28f43d339ea93afa6c0513ef1f566e508018ddccc0ce7a7e3c72a9a96e2383323beea4127c2bc59cca03d071661e34404b723126b25d6ccbdd888faa

  • SSDEEP

    24576:iUdDP6VOVCGppqHRIE6xJiUAQt14+1bCwk:i2P6QUGq5wiPW1k

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    rmpc

  • Decoy

    lrsdh.com
    sugarcurd.com
    genussqmzg.online
    warkulat.net
    topstitched.com
    sman1kotatambaloka.xyz
    hireprowriter.com
    robroyrecords.com
    merlinreport.com
    topofluna.com
    planident.com
    hokashoesingapore.com
    buckitload.com
    xn--0k1a.com
    mynba2k22.com
    thiccblanket.com
    zayedhealth.clinic
    alfer-srl.com
    sunnysikka.com
    sdtcbh.com

Targets

    • Target

      745e543add6b5fa73b5074242ecac831c5386bf760acdd8fe5e5146be9da7192

    • Size

      947KB

    • MD5

      75c9e3e19f92b217e1212be899791335

    • SHA1

      33cd45f09df2e1ceb03348bda65d8c49ed371655

    • SHA256

      745e543add6b5fa73b5074242ecac831c5386bf760acdd8fe5e5146be9da7192

    • SHA512

      31f467ef0bd78c07b3b40bb61403b551ed0a5deb606fb2cfebe7af962af7a44d93f07b6d20b88715a66bf41ed5876824ce4b1c2a62a1cc7619e6c4875a32bd81

    • SSDEEP

      24576:NJTHwOJzBZ/+9cf5Awt/ll0fKCtZulP0pHN:XfJzHzxRDTEyQH

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks