Overview

overview

10

Static

static

Payment_invoice.exe

windows7_x64

1

Payment_invoice.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment_invoice.exe

  • Size

    638KB

  • Sample

    210727-prwql9j77a

  • MD5

    29645cb14447ff578aaa9dc4243f11e6

  • SHA1

    cae1f1cfae48a35897e6c64b4f5b3de807af9aa4

  • SHA256

    08893f139b09f2dc17635f17baf1f34d2fdf730ea44a41ba54b914ffc024f0c9

  • SHA512

    36bbcc580af0e2b33bfd351fa4693ed40ee9485d099767612e8d45c6e0643f28f3b39915a56f98529c9ad8a4e16dd6888144e6ba9e6ccd7e3a765c27294e01cf

Score
10/10
xloaderloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.illoftapartments.com/uecu/

Decoy

ishtarhotel.com

woodstrends.icu

jalenowens.com

manno.expert

ssg1asia.com

telepathylaw.com

quickoprintnv.com

abrosnm3.com

lumberjackcatering.com

beachujamaica.com

thomasjeffersonbyrd.com

starryfinds.com

shelavish2.com

royalglamempirellc.com

deixandomeuemprego.com

alexgoestech.xyz

opticamn.com

fermanchevybrandon.com

milbodegas.info

adunarsrl.com

Targets

    • Target

      Payment_invoice.exe

    • Size

      638KB

    • MD5

      29645cb14447ff578aaa9dc4243f11e6

    • SHA1

      cae1f1cfae48a35897e6c64b4f5b3de807af9aa4

    • SHA256

      08893f139b09f2dc17635f17baf1f34d2fdf730ea44a41ba54b914ffc024f0c9

    • SHA512

      36bbcc580af0e2b33bfd351fa4693ed40ee9485d099767612e8d45c6e0643f28f3b39915a56f98529c9ad8a4e16dd6888144e6ba9e6ccd7e3a765c27294e01cf

    Score
    10/10
    xloaderloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks