Overview

overview

10

Static

static

3

61513e3002...d3.exe

windows7-x64

10

61513e3002...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    46s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 20:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61513e3002d53144e302a97f62382f19e9e4fbd3c820c1e0000cc793a5b7a2d3.exe

  • Size

    523KB

  • MD5

    0a5203e9b9b75f2c840989cf846a3cc5

  • SHA1

    06720790a4728ad08530373117a10e2769d6833e

  • SHA256

    61513e3002d53144e302a97f62382f19e9e4fbd3c820c1e0000cc793a5b7a2d3

  • SHA512

    407f8e7826da334346c4d474e884aebdd0618390aaf7de12e96112acd05e74d7546d69cd5b59781145f0d57450442fb1e98ba032db115adcaf997172c18e5a59

  • SSDEEP

    12288:uMNfJRiS6pxyynOiptzBsri2Lsg84uSB:usudXQiCri24V4zB

Score
10/10
xloadermc6bdiscoveryloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mc6b

Decoy

packyssportsbarandgrill.com

catherinemata.com

swooningheartsenterprises.com

miss-notary86.com

applianceson.website

investormonks.online

lootproject.art

adoletakids.com

searchlink7.com

msjoyjewelsunlimited.com

dannisdolls.online

premierpor.xyz

geceseks.com

camdaw.xyz

ditrixmed.store

yotosunny.com

asdeformar.com

lacofood.com

nu865ci.com

verdantgomkte.xyz

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader family
    xloader
  • Xloader payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61513e3002d53144e302a97f62382f19e9e4fbd3c820c1e0000cc793a5b7a2d3.exe
    "C:\Users\Admin\AppData\Local\Temp\61513e3002d53144e302a97f62382f19e9e4fbd3c820c1e0000cc793a5b7a2d3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\61513e3002d53144e302a97f62382f19e9e4fbd3c820c1e0000cc793a5b7a2d3.exe
      "C:\Users\Admin\AppData\Local\Temp\61513e3002d53144e302a97f62382f19e9e4fbd3c820c1e0000cc793a5b7a2d3.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2376-6-0x0000000004D80000-0x0000000004DF6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2376-1-0x00000000001B0000-0x000000000023A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2376-2-0x0000000074470000-0x0000000074B5E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2376-3-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2376-4-0x000000007447E000-0x000000007447F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-5-0x0000000074470000-0x0000000074B5E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2376-0-0x000000007447E000-0x000000007447F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-7-0x00000000004C0000-0x00000000004E9000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2376-15-0x0000000074470000-0x0000000074B5E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2792-9-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2792-10-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2792-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-16-0x0000000000AA0000-0x0000000000DA3000-memory.dmp

    Filesize

    3.0MB

    Download