Overview

overview

10

Static

static

PO#2005042020.exe

windows7_x64

10

PO#2005042020.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#2005042020.exe

  • Size

    1011KB

  • Sample

    210727-4hdd4z88ls

  • MD5

    a6be00db2846375bca4609defecd7bf5

  • SHA1

    b942941deafa2af11fd59731a4bb84808601ef29

  • SHA256

    72f524700194c68a6f78f7d0d984e579b736d328ef5900d34f26773855f25d42

  • SHA512

    deab5d2aeffd5b7f022bcafe686844845a191f39bb9157d4a6d053e9e4de134dc3cd479badc3f3a0ab3526711429f9b4353f066adccc1cbe6992d900e8294a2a

Score
10/10
xloaderloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.ameri.loans/dt9v/

Decoy

scandinavianview.com

120x600businessskyscraper.fail

livebigrace.com

fussygang.net

afiyetmarket.com

shopcerygensan.com

iregentos.info

anidonia.com

vtnywvebm.club

envcons.com

blackpharaohbeards.com

shortsnsuits.com

digitalvv.com

czechagents.com

texasadvancedsurgery.com

erhob.com

fastypro.com

singlemomsurvival.com

mohitiitr.com

airsoftoutlet.store

Targets

    • Target

      PO#2005042020.exe

    • Size

      1011KB

    • MD5

      a6be00db2846375bca4609defecd7bf5

    • SHA1

      b942941deafa2af11fd59731a4bb84808601ef29

    • SHA256

      72f524700194c68a6f78f7d0d984e579b736d328ef5900d34f26773855f25d42

    • SHA512

      deab5d2aeffd5b7f022bcafe686844845a191f39bb9157d4a6d053e9e4de134dc3cd479badc3f3a0ab3526711429f9b4353f066adccc1cbe6992d900e8294a2a

    Score
    10/10
    xloaderloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks