Overview

overview

10

Static

static

BANKINV280...NO.exe

windows7_x64

10

BANKINV280...NO.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BANKINV280308VBSINO.exe

  • Size

    845KB

  • Sample

    210421-63h6tmmb7x

  • MD5

    6fe314b5b083a64d830a528ba0568d70

  • SHA1

    6875a0afb8f02b27ac0b1aca81571bdb8e427f65

  • SHA256

    a09c8246d5ddd3d7b444c2b89ae0b486b767e30d7340efb2d92e07ab7a806109

  • SHA512

    ff7d760d603890f3382cda0ab9becfceff2783011a4fcec28b4655892126e5c14619729238cfbda63110d14a3f5cf346258bc12ddc97bb9267ce864fa1584aa9

Score
10/10
xloaderloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.trendyheld.com/edbs/

Decoy

ehealthak.com

kingdavidtiferetshop.com

allincursive.com

quickshop.xyz

hallfaxgroupuk.online

barebeautybrand.com

verificationpays.com

2k20-aide.com

cameralogs.com

blackdotdesignco.com

thepredictable360.com

huangguanlin600270.com

hounslowkebab.com

kuppers.info

ohjoephoto.com

bhavyaarora.com

thecoolprojector.com

abelprocess.com

856379765.xyz

growth.run

Targets

    • Target

      BANKINV280308VBSINO.exe

    • Size

      845KB

    • MD5

      6fe314b5b083a64d830a528ba0568d70

    • SHA1

      6875a0afb8f02b27ac0b1aca81571bdb8e427f65

    • SHA256

      a09c8246d5ddd3d7b444c2b89ae0b486b767e30d7340efb2d92e07ab7a806109

    • SHA512

      ff7d760d603890f3382cda0ab9becfceff2783011a4fcec28b4655892126e5c14619729238cfbda63110d14a3f5cf346258bc12ddc97bb9267ce864fa1584aa9

    Score
    10/10
    xloaderloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Command-Line Interface

1
T1059

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks