General

  • Target

    PURCHASE ORDER 72121.XLSX.Z

  • Size

    529KB

  • Sample

    210721-q3cgqsjlhj

  • MD5

    eb2997485c0642fd31ad3c5d87d6c4d7

  • SHA1

    2fc5d8d7b506faf0c4393957e26fe673cdf5dbbb

  • SHA256

    7e0a23b6d3ed3afd6d96e3b30ee48deea20f2252a3b4f1e4d9d770121004951c

  • SHA512

    9d62325aeb772b4ac2bb56d2b3fd1e018a0f98667f231ace81b4e0232c570a14aa0bc736d63b79eebc474d87079d4ea64913306254eb7ce1d104b41e43441e99

  • Score

    10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.appackersandmoversbengaluru.com/p4se/

Decoy

Targets

    • Target

      PURCHASE ORDER 72121.exe

    • Size

      661KB

    • MD5

      a5964d858bf1688f2de5746ec08dabf5

    • SHA1

      26e09b1f04394ff24d59c353c0d46b54afd8d363

    • SHA256

      c1ac4c50a78b858365062dc71a9fe5f3a3bdf39b4d8902b1f8311f2c2a86064b

    • SHA512

      bbd68474c00caaf56d82ddc688d6e523976b020736ab848683fcdbc5c647f36e52121b09866540bc3253ad4e86bc260be3e99886fc519a405e04e24ac13d4bb4

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks