General

  • Target

    Order Signed PEARLTECH contract and PO.exe

  • Size

    821KB

  • Sample

    210722-ryvczt6ywj

  • MD5

    e3e0623e2680c0a2d7d42ae5476eee8f

  • SHA1

    55ada3a7fc22ab1fafc47fefac6a8be8a741a7b8

  • SHA256

    7b8353f603a3cbc9e87b5845409c451fc624d6757cdb93255e5fa4bec5737b21

  • SHA512

    10a9b2ff6e4f67b1c211c2f1228d079401348362655613c06c1ea547917ea05e9aa63774ec8b34386aca162235eb992187f4c73b3fb3fbc7b7ad84d825ce97e1

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.skelligsseasafari.com/dzqd/

Decoy

weekendsday.com

kansasfriedchiken.com

bestselfdrive.com

timeleveragechallenge.com

theunboxiblenation.net

adriaeurope-group.com

acrylicphotobloc.com

theincentivized.com

histreetbutler.com

kumamkt.com

cutepuppyspot.store

crisp-ui.com

easyecotour.com

longshotloungeenglewood.com

esotericclothingco.com

henglai58.com

handmadecircles.com

k9itsrk940aeq6.xyz

service-it-net.com

rt-p-c-14h9-1elk-jpzs.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
