General

  • Target: 61cdea2c20945e04f08a759377c43287fed1e3bc2a8896f605dcf66114cdf9eb
  • Size: 152KB
  • Sample: 241121-zrnxfaxnh1
  • MD5: df1b4eb229123d1c559a758a739e109f
  • SHA1: 4326d0dc3b170597459210b3e755c19b8cbf5dfe
  • SHA256: 61cdea2c20945e04f08a759377c43287fed1e3bc2a8896f605dcf66114cdf9eb
  • SHA512: 9304b51c2b997b4088983a7bc65af5f8d3c2d98a61dc9b7f95100c6504b654a752205093d1ed6a0a56381479ced78b4a26b59ea35dec24add55beb51df160ea2
  • SSDEEP: 3072:INqrJTezYnHrnDLlsjNAutGdFeLVmFVak8djZIb8am/Iol5aHs:ISc4blMNZtGOViVaJ9uCaM

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: m664
  • Decoy (xloader contacts these legitimate-looking third-party domains alongside its real C2 to mask it; no C2 host is part of this extraction, so treat them as low-confidence network indicators rather than block-list entries):

theorganisedweddingcompany.com

rugsnz.site

tlcpetsitting-ak.com

sicherheit-solutions.com

yourmillennialinsider.com

planesnissanargentina.com

pinkrose210.com

contact-fip.com

upward-housing.com

digitalmktgservices.com

sabaibakery.com

qtpelearn.com

baldofvizcondephotography.com

canadadigitalnews.com

toyboxwino.com

losangelesdanceclasses.com

donjon2944.com

northernirelandmusictherapy.com

accmix.com

flimty-sicilystore.com
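A single lookup of one of the decoy domains above is weak evidence, since the decoys are ordinary websites. What distinguishes an infected host is that the bot rotates through several decoys (plus its real C2) in each beacon cycle, so a workstation resolving many distinct decoys in a short window is the signal worth alerting on. The script below is an added example, not part of the sandbox report: it loads the decoy list from this page, normalises queried names (case, trailing dot, subdomains), and flags clients that resolved at least `threshold` distinct decoys within `window`. The log format (`<ISO timestamp> <client_ip> <queried_name>`), the sample log lines, and the 10-minute / 3-domain defaults are all assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains from the extracted xloader 2.3 / m664 config on this page.
DECOYS = {
    "theorganisedweddingcompany.com", "rugsnz.site", "tlcpetsitting-ak.com",
    "sicherheit-solutions.com", "yourmillennialinsider.com",
    "planesnissanargentina.com", "pinkrose210.com", "contact-fip.com",
    "upward-housing.com", "digitalmktgservices.com", "sabaibakery.com",
    "qtpelearn.com", "baldofvizcondephotography.com", "canadadigitalnews.com",
    "toyboxwino.com", "losangelesdanceclasses.com", "donjon2944.com",
    "northernirelandmusictherapy.com", "accmix.com", "flimty-sicilystore.com",
}

# Constructed DNS log lines (assumed format: "<ISO timestamp> <client_ip> <name>").
SAMPLE_LOG = [
    "2024-11-21T09:00:01 10.0.0.5 accmix.com",
    "2024-11-21T09:00:03 10.0.0.9 theorganisedweddingcompany.com",  # one hit: plausible browsing
    "2024-11-21T09:01:10 10.0.0.5 www.rugsnz.site",                 # subdomain must still match
    "2024-11-21T09:02:30 10.0.0.5 qtpelearn.com",
    "2024-11-21T09:03:45 10.0.0.5 donjon2944.com",
    "2024-11-21T09:04:00 10.0.0.5 accmix.com",                      # repeat of a decoy, not a new one
    "2024-11-21T09:05:00 10.0.0.7 notrugsnz.site",                  # lookalike, must not match
    "2024-11-21T10:30:00 10.0.0.9 sabaibakery.com",                 # second hit, outside the window
]


def normalize(host):
    """Lower-case and strip the trailing dot DNS logs often carry."""
    return host.strip().lower().rstrip(".")


def matches_decoy(host):
    """Return the decoy domain that host equals or is a subdomain of, else None."""
    h = normalize(host)
    for d in DECOYS:
        if h == d or h.endswith("." + d):
            return d
    return None


def parse_line(line):
    ts, ip, name = line.split()
    return datetime.fromisoformat(ts), ip, name


def find_beaconing_hosts(lines, window=timedelta(minutes=10), threshold=3):
    """Map client_ip -> sorted distinct decoys for clients that resolved at
    least `threshold` distinct decoy domains inside some `window`-long span."""
    events = defaultdict(list)
    for line in lines:
        ts, ip, name = parse_line(line)
        d = matches_decoy(name)
        if d:
            events[ip].append((ts, d))

    hits = {}
    for ip, evs in events.items():
        evs.sort()
        # Slide a window starting at each event; count distinct decoys inside it.
        for t0, _ in evs:
            seen = {d for t, d in evs if t0 <= t <= t0 + window}
            if len(seen) >= threshold:
                hits[ip] = sorted(seen)
                break
    return hits


if __name__ == "__main__":
    for ip, decoys in find_beaconing_hosts(SAMPLE_LOG).items():
        print(f"{ip}: {len(decoys)} distinct decoys -> {', '.join(decoys)}")
```

Running it on the constructed log flags only 10.0.0.5, which resolved four distinct decoys in under five minutes; the single hits from 10.0.0.9 and the lookalike name from 10.0.0.7 are ignored. Tune `window` and `threshold` to the beacon interval observed in your own sandbox run before deploying this as an alert.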

Targets

    • Target: msiexec_dump.exe
    • Size: 244KB
    • MD5: 4daf1064001aa9bd948a4af5bb56beef
    • SHA1: 77f70b592eeb9ddbf06613f2d5f1dc8eeaac4294
    • SHA256: fcd65bba6fcd68549c329ed6a4d07490d6ea7c928332e6066593c7fc274ea6ec
    • SHA512: f153027a1ec7ea0d1db97cc6fa6a94ecdb6bf6549cfa9138d5a4201190ad4895a718418c73a5e6ea799a23113e385a3a75149e85b930f4296ef309de3dcaca02
    • SSDEEP: 6144:fvpRxSKdvhXDB9Cp1RAco1TpSMsOiWfKlKgRYN0e:pRxvd90Z6TpSMsWbNP
    • Score: 5/10
    • Signature: Suspicious use of SetThreadContext (calling SetThreadContext on a thread in another process is the usual way injected code is handed control in process hollowing and thread hijacking)
