Overview

overview

10

Static

static

Sales Order.exe

windows7_x64

1

Sales Order.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sales Order.exe

  • Size

    1014KB

  • Sample

    210727-7bsbchlg8a

  • MD5

    fd84eb337a51966294ba08722170bf46

  • SHA1

    1f529d60e2dc50deaac59af322708039da33c3be

  • SHA256

    8da806444010084307c77bf3a69f66ca36c15920bd7b9f60fdcf35fccd460701

  • SHA512

    a522ba8c6daddbf69f711ef859c7e8fb79e2ab00372e6626af9119d82ef8cf22b0e2ebcc1897cd88810be5ee01b11e0950dbf0853ceb630de3e916ac3bacd847

Score
10/10
xloaderloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.jantesetaccessoires.com/p6f2/

Decoy

redsnews.com

vr859.com

postmasterstudios.com

hampsteadorganizer.com

hangshop.net

maheshwaramlawcollege.com

5156087.com

gtaaddict.com

faj.xyz

drivechicagoillinois.com

neerutech.com

b2brahmas.com

freshlookks.com

propertyparallel.tech

tlwbyads.com

sellektorkids.com

dexs.fyi

kileybrock.com

nervstudio.com

tosg-ltd.com

Targets

    • Target

      Sales Order.exe

    • Size

      1014KB

    • MD5

      fd84eb337a51966294ba08722170bf46

    • SHA1

      1f529d60e2dc50deaac59af322708039da33c3be

    • SHA256

      8da806444010084307c77bf3a69f66ca36c15920bd7b9f60fdcf35fccd460701

    • SHA512

      a522ba8c6daddbf69f711ef859c7e8fb79e2ab00372e6626af9119d82ef8cf22b0e2ebcc1897cd88810be5ee01b11e0950dbf0853ceb630de3e916ac3bacd847

    Score
    10/10
    xloaderloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks