Overview

overview

10

Static

static

1

Bill Of La...gz.exe

windows7_x64

10

Bill Of La...gz.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bill Of Lading & Packing List.pdf.gz.exe

  • Size

    207KB

  • Sample

    210501-19qayf94j2

  • MD5

    8fa3305b6265fa3c61f58ce580b07f54

  • SHA1

    2123a32738d6f92cd893c7a67603e14042c849b6

  • SHA256

    18ff6408798a94561e9fc4f6fb43dcc279b9b98a554e5cd26ab1944f7b75e35a

  • SHA512

    296a848fb00a4e9b52ee02c761f5e9eb1d973b52aa60d1ac03a9decfe4e4202a0e04f315c334846f15ce6aef65ded028c5a93a87a1d84861c7b376db6602971a

Score
10/10
xloaderloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.citestaccnt1597666144.com/ud9e/

Decoy

casezs.com

gascubby.com

pekodains.com

superskosh.com

avktinfracon.com

slink.finance

thegreathopeofearth.com

thebattleofthestars.com

utmxpxq.icu

mamaandbabycleaningservice.com

officialtimelessbeauty.com

keeper.network

leyingcp.com

helpforharrysheroes.com

cohenforleehealthboard.com

wsilhavy.net

logisticsconsultinglimited.com

btechnician.com

dynamicpersiankitten.com

nuplaz.com

Targets

    • Target

      Bill Of Lading & Packing List.pdf.gz.exe

    • Size

      207KB

    • MD5

      8fa3305b6265fa3c61f58ce580b07f54

    • SHA1

      2123a32738d6f92cd893c7a67603e14042c849b6

    • SHA256

      18ff6408798a94561e9fc4f6fb43dcc279b9b98a554e5cd26ab1944f7b75e35a

    • SHA512

      296a848fb00a4e9b52ee02c761f5e9eb1d973b52aa60d1ac03a9decfe4e4202a0e04f315c334846f15ce6aef65ded028c5a93a87a1d84861c7b376db6602971a

    Score
    10/10
    xloaderloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks