General

  • Target: REQUEST FOR QUOTATION 1307-RFQ.pdf.exe
  • Size: 1.5MB
  • Sample: 210430-467s7jy3ha
  • MD5: c8e023a90c7e5e165f6b16317c822ce4
  • SHA1: 27b416606206bc03980dbd83858d33fc188ca926
  • SHA256: 13ec453c6271270eaea5be0958c7135ef449bd2ff1e74ad268fe76df32db5d72
  • SHA512: 710f7ee5e58c7d7c62241e2419ba9842c1dd892ad7081660da4d514762427d8479ff1aa8cb0c6262514a3710e5a7eff488cab71585e7a3de85ca1346bcd05c05

Score: 10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

C2: http://www.huamxvcyq.icu/aepn/

Decoy


Targets

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext