General

  • Target

    a69e4edcea5b98d7b7c79494da52d764518edc814ca85a58618aa9670e971d22

  • Size

    386KB

  • Sample

    210727-y6pjrtrrkj

  • MD5

    c7c7c9f8b7d93f03bc91f7d6fc8485cb

  • SHA1

    191fe5cec09465c3c97abd9c7c9361f67baf2c0f

  • SHA256

    a69e4edcea5b98d7b7c79494da52d764518edc814ca85a58618aa9670e971d22

  • SHA512

    5ce9d0fcea3048ff358abeda529380fc777a0a3402ae2c756995ad670a1f58d5337a4e5236485c7e17259720f4467a32f38f11b36d9072b5022dc5186ff5363a

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.illoftapartments.com/uecu/

Decoy


Targets

    • Target

      Payment_invoice.exe

    • Size

      465KB

    • MD5

      caeb1a2bbfca44b5b1f10f8453e7560a

    • SHA1

      76b655c304528a5c5c7e106bfe41a296ed3dfbb3

    • SHA256

      5a1c5744f59d7213422beebe62f61a5f192af3873ca3937f565500338ba72c70

    • SHA512

      7418a4b1f65412ffe80e4c454fe1bfb6cbe14c701f6c87f79041fc217fdb76bde5d012c29a49d5bd47b0d1b9adaa18836b45e893d2ab476e424a5583ac3655d8

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext
