Overview

overview

10

Static

static

Inv_7623980.exe

windows7_x64

Inv_7623980.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Inv_7623980.exe

  • Size

    1.1MB

  • Sample

    210727-j3z6kav2v6

  • MD5

    24de383154bbdc31b305fd25a3ee95db

  • SHA1

    7d3be8631affd24746beeec725b4ad0d518805b8

  • SHA256

    790898f9518c146e7ffa430b975ee0f5bc162b6b5a5dba008e0572741312bc19

  • SHA512

    7dee6bb2ca1996706c59cab95575200b3273bc2e110d9514527d8b5cda4d33bb65a9bf12a7c015568e16a8646cbd5e7df0f71321708ed60de884822cc4855090

Score
10/10
xloaderloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.inverservi.com/m6b5/

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Targets

    • Target

      Inv_7623980.exe

    • Size

      1.1MB

    • MD5

      24de383154bbdc31b305fd25a3ee95db

    • SHA1

      7d3be8631affd24746beeec725b4ad0d518805b8

    • SHA256

      790898f9518c146e7ffa430b975ee0f5bc162b6b5a5dba008e0572741312bc19

    • SHA512

      7dee6bb2ca1996706c59cab95575200b3273bc2e110d9514527d8b5cda4d33bb65a9bf12a7c015568e16a8646cbd5e7df0f71321708ed60de884822cc4855090

    Score
    10/10
    xloaderloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks