General

  • Target

    MV. CMA CGM Verdi V-250E AWB PACKING LIST ISO CERTIFICATE BILL OF LANDING DRAFT. COMMERCIAL INVOICE SHIPMENT 709447464231.pdf.exe

  • Size

    618KB

  • Sample

    210420-rydggzmjd6

  • MD5

    63dcc61b0f612a3ca6e5b95aec34e0a3

  • SHA1

    8ab4141f2c2b6b2387a2e42d5974585d1f09954f

  • SHA256

    7f30f6235ede3ca640a27c640c291228e74c1699b460147d5c18bddc3795bd8b

  • SHA512

    59b698821df1a6c45e07aa12c9bff248de7ed9e557f3f28fa09717992e31f9f358f54fbd72abd1e2eadd870b423f819c86c2c1fef5c9c7c5e54430987908dc57

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.designart-sh.com/q44r/

Decoy

mauricenorthmore.com

9nahvj2e-666.com

vkfrr.com

lowendtherapy.com

breizh-charente-maritime.com

academydocprep.com

scampifoods.com

afamnite.com

southeasternsteakcompany.com

rokos-capital.net

gofargo-together.com

zbytlt.com

rline-official.com

ibusier.net

protectedmaintenance.com

proxrem.com

microsemiportal.com

fpvvoleibolmenores.com

creativegrowthllc.com

godslineaccelerated.com
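The indicators in the extracted config above, turned into a small hunting script. This is an added example and is not part of the sandbox report: the hashes, C2 URL and decoy domains are copied verbatim from the report, while the proxy log format, the sample log lines and the file names are constructed for illustration. Note that the decoy domains are real, mostly legitimate sites that Xloader contacts alongside the true C2 using the same URI path (`/q44r/` here), so the hunt keys on host plus path rather than on the host alone.

```python
"""Hunt for the Xloader indicators from this report (added example, not the
report's own code). Hashes, C2 URL and decoys are taken from the report;
log lines, file names and the log layout below are constructed."""
import hashlib
import re
from typing import Optional
from urllib.parse import urlsplit

# File hashes of the sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "63dcc61b0f612a3ca6e5b95aec34e0a3",
    "sha1": "8ab4141f2c2b6b2387a2e42d5974585d1f09954f",
    "sha256": "7f30f6235ede3ca640a27c640c291228e74c1699b460147d5c18bddc3795bd8b",
    "sha512": "59b698821df1a6c45e07aa12c9bff248de7ed9e557f3f28fa09717992e31f9f35"
              "8f54fbd72abd1e2eadd870b423f819c86c2c1fef5c9c7c5e54430987908dc57",
}
C2_URL = "http://www.designart-sh.com/q44r/"
DECOY_DOMAINS = {
    "mauricenorthmore.com", "9nahvj2e-666.com", "vkfrr.com", "lowendtherapy.com",
    "breizh-charente-maritime.com", "academydocprep.com", "scampifoods.com",
    "afamnite.com", "southeasternsteakcompany.com", "rokos-capital.net",
    "gofargo-together.com", "zbytlt.com", "rline-official.com", "ibusier.net",
    "protectedmaintenance.com", "proxrem.com", "microsemiportal.com",
    "fpvvoleibolmenores.com", "creativegrowthllc.com", "godslineaccelerated.com",
}
C2_HOST = urlsplit(C2_URL).hostname  # www.designart-sh.com
C2_PATH = urlsplit(C2_URL).path      # /q44r/

# Lure names like "...INVOICE 709447464231.pdf.exe": document extension, then executable.
DOUBLE_EXT_RE = re.compile(
    r"\.(pdf|docx?|xlsx?|pptx?|jpe?g|png|txt)\.(exe|scr|com|pif|bat)$", re.I)

# Constructed proxy log layout (assumption): "<ts> <src-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def lookup_hash(digest: str) -> Optional[str]:
    """Return the algorithm name if `digest` equals one of the report's hashes."""
    digest = digest.strip().lower()
    for alg, known in SAMPLE_HASHES.items():
        if digest == known:
            return alg
    return None


def file_matches_sample(data: bytes) -> bool:
    """True when the bytes hash to the reported sample under any listed algorithm."""
    return any(lookup_hash(d) for d in digest_bytes(data).values())


def is_double_extension_lure(filename: str) -> bool:
    """True for a document-looking name that actually ends in an executable extension."""
    return DOUBLE_EXT_RE.search(filename) is not None


def classify_request(url: str) -> Optional[str]:
    """Classify one outbound URL against the report's network indicators.

    'c2'        - the real C2 host with the C2 path
    'decoy'     - a decoy domain contacted with the same path (the sample's beacon)
    'path_only' - unknown host but the same distinctive path (worth a look)
    None        - nothing matched; a decoy host on a different path is not flagged,
                  because the decoys are legitimate sites
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if host == C2_HOST and path == C2_PATH:
        return "c2"
    if path == C2_PATH and (host in DECOY_DOMAINS or host.removeprefix("www.") in DECOY_DOMAINS):
        return "decoy"
    if path == C2_PATH:
        return "path_only"
    return None


def scan_proxy_log(lines):
    """Return (src-ip, verdict, url) for every log line that matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than silently misclassify
        verdict = classify_request(m["url"])
        if verdict:
            hits.append((m["src"], verdict, m["url"]))
    return hits


# Constructed log lines (not from the report): one infected host beaconing to the
# C2 and two decoys with the shared path, plus one benign request.
SAMPLE_LOG = [
    "2021-04-20T10:01:02Z 10.0.0.5 GET http://www.designart-sh.com/q44r/?m8=abc 200",
    "2021-04-20T10:01:05Z 10.0.0.5 POST http://mauricenorthmore.com/q44r/ 404",
    "2021-04-20T10:01:08Z 10.0.0.5 GET http://www.vkfrr.com/q44r/?m8=def 403",
    "2021-04-20T10:01:09Z 10.0.0.7 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    for src, verdict, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{src}\t{verdict}\t{url}")
    print("lure name:", is_double_extension_lure("COMMERCIAL INVOICE SHIPMENT 709447464231.pdf.exe"))
```

Point `scan_proxy_log` at real proxy or DNS logs after adjusting `LOG_RE` to their layout, and run `file_matches_sample` over quarantined attachments. Hash matches identify this exact build only; the path-plus-host logic catches the beacon pattern even when the binary has been repacked.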

Targets

    • Target

      MV. CMA CGM Verdi V-250E AWB PACKING LIST ISO CERTIFICATE BILL OF LANDING DRAFT. COMMERCIAL INVOICE SHIPMENT 709447464231.pdf.exe

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer; the family signature is what yielded the extracted config above (version 2.3, the C2 URL and the decoy domain list).

    • Xloader Payload

      The unpacked payload, not only the dropper, was identified as Xloader.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register set, including its instruction pointer. Legitimate software rarely calls it, and it is the usual last step of process hollowing: the payload is written into a suspended process and that process's main thread is pointed at the injected code before it is resumed.
