General

  • Target: Purchase Order.exe
  • Size: 1.5MB
  • Sample: 210624-ngg5g9e56x
  • MD5: 0de7e23489e8526f010e7ebf3597acde
  • SHA1: a29d564a3ffa196f8d78b832e95a65cbd726ab1a
  • SHA256: 2348867be2e6f27aa4cd8d07826357169e66667108b4784ae3144576e2e16377
  • SHA512: d2ad2442df048d303a77bdcbcbef6c2755b7f024ce400bbb79d58cd91242f26e4df1e2054bc9cebd0a317c584611df49fa4cea1c288f683135669b94c7d2e3dd

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.shhxqg.com/xfts/

Decoy


Targets

    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
