General

  • Target

    NEW PURCHASE030421.exe

  • Size

    763KB

  • Sample

    210304-v5wwqnmghs

  • MD5

    22a713d3238d80c59e754d58dbbc258b

  • SHA1

    eac5f6f22c3aa5e1616c683925db9b568a9b0813

  • SHA256

    58415bcbd41e70c3f6d45f7b4fa75cf79c1f86f790decfec1dfe52be21f4c994

  • SHA512

    f03cc374c3bfa1de62de177e99e6e5669664f1f70ded3b29972faa40d682461419b83655aba05b611efc0b3b1042face10a91f32fc2759a05d827138ab4c103d

Score
10/10

Malware Config

Extracted

Family

xloader

C2

http://www.besthardinquiryremoval.services/noi6/

Decoy (domains the sample contacts alongside the real C2 to disguise it; they are not attacker infrastructure and should not be blocked or treated as IOCs on their own)

daliglobalservice.com

thenationschristianchurch.com

aliqy.com

grace-saunders.com

endlessretirement.com

stanleycupticket.com

dltgame.club

healthqnahindi.com

salniyrk.icu

laurasbaked.com

vintagechinese.com

agrocomposites.com

aimedsports.com

vegeatsdirect.com

goh-pbl.com

fairview.global

affiliateprogramscenter.com

blogizarshop.com

loorzon.com

curtex.info
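The config above is only useful if it can be turned into a check. The script below is an added example for this page (not part of the sandbox report): it takes the C2 URL and the decoy list exactly as extracted, and classifies proxy-log requests so that a hit on the real C2 is flagged with high confidence, a hit on a decoy domain is flagged only when it carries the campaign path (which is what distinguishes XLoader beaconing from a user simply visiting one of those legitimate sites), and everything else is ignored. The log lines, source IPs and the `ts src method url` log format are constructed for the demonstration.

```python
"""Turn the extracted XLoader config into a proxy-log check (added example)."""
import re
from urllib.parse import urlsplit

# Copied verbatim from the Malware Config section of the report.
C2_URL = "http://www.besthardinquiryremoval.services/noi6/"
DECOYS = {
    "daliglobalservice.com", "thenationschristianchurch.com", "aliqy.com",
    "grace-saunders.com", "endlessretirement.com", "stanleycupticket.com",
    "dltgame.club", "healthqnahindi.com", "salniyrk.icu", "laurasbaked.com",
    "vintagechinese.com", "agrocomposites.com", "aimedsports.com",
    "vegeatsdirect.com", "goh-pbl.com", "fairview.global",
    "affiliateprogramscenter.com", "blogizarshop.com", "loorzon.com",
    "curtex.info",
}


def normalise_host(hostname):
    """Lower-case the host and drop a leading 'www.' so config and log agree."""
    host = (hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def split_c2(url):
    """Return (host, path prefix) of the configured C2 URL."""
    parts = urlsplit(url)
    return normalise_host(parts.hostname), parts.path


C2_HOST, C2_PATH = split_c2(C2_URL)  # ("besthardinquiryremoval.services", "/noi6/")


def classify(url):
    """Verdict for one requested URL against the extracted config.

    "c2"    - C2 host *and* campaign path: a real check-in, high confidence
    "decoy" - listed decoy host hit with the campaign path: the same beacon
              loop, useful for scoping; the path is the tell, a plain visit
              to a decoy site (no campaign path) is ordinary browsing
    "none"  - anything else
    """
    parts = urlsplit(url)
    host = normalise_host(parts.hostname)
    on_path = parts.path.startswith(C2_PATH)
    if host == C2_HOST and on_path:
        return "c2"
    if host in DECOYS and on_path:
        return "decoy"
    return "none"


# Constructed log format: "<timestamp> <source ip> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def scan_log(lines):
    """Return (source ip, verdict, url) for every line that matches the config."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line, skip rather than guess
        verdict = classify(m.group("url"))
        if verdict != "none":
            hits.append((m.group("src"), verdict, m.group("url")))
    return hits


def summarize(lines):
    """Per-source counts of C2 and decoy hits, for ordering incident triage."""
    per_src = {}
    for src, verdict, _ in scan_log(lines):
        per_src.setdefault(src, {"c2": 0, "decoy": 0})[verdict] += 1
    return per_src


# Constructed sample traffic: one beaconing host (10.0.0.5) and one clean host
# (10.0.0.9) that happens to browse a decoy domain and an unrelated site.
SAMPLE_LOG = [
    "2021-03-04T10:15:01Z 10.0.0.5 GET http://www.daliglobalservice.com/noi6/?q=c2FtcGxl",
    "2021-03-04T10:15:02Z 10.0.0.5 GET http://www.besthardinquiryremoval.services/noi6/?q=c2FtcGxl",
    "2021-03-04T10:15:03Z 10.0.0.5 POST http://www.aliqy.com/noi6/",
    "2021-03-04T10:16:40Z 10.0.0.9 GET http://www.laurasbaked.com/recipes/",
    "2021-03-04T10:16:41Z 10.0.0.9 GET http://example.com/noi6/",
]

if __name__ == "__main__":
    for src, verdict, url in scan_log(SAMPLE_LOG):
        print(f"{src:<10} {verdict:<6} {url}")
    print(summarize(SAMPLE_LOG))  # {'10.0.0.5': {'c2': 1, 'decoy': 2}}
```

The last constructed line (an unlisted host with the same `/noi6/` path) is deliberately left as "none": the campaign path alone is too weak to alert on, but if the real C2 is rotated to a domain not in this report, that is the bucket to review by hand.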

Targets

    • Target

      NEW PURCHASE030421.exe

    Score
    10/10

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer; its network protocol, including the decoy-domain scheme seen in the extracted config, is inherited from Formbook.

    • Xloader Payload

    • Deletes itself

      The original executable removes itself after running, so the sample should be retrieved from the sandbox or the mail gateway rather than expected on the endpoint.

    • Suspicious use of SetThreadContext

      Consistent with injecting the payload into another process: the thread context of a suspended target is rewritten before it is resumed.
