Overview

overview

10

Static

static

Invoice pdf.exe

windows7_x64

10

Invoice pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice pdf.exe

  • Size

    680KB

  • Sample

    210830-7gnz3ys5ta

  • MD5

    3a91f6caa3965066b881d1de7a67f1b9

  • SHA1

    6097fcf7687e0ec485eae2d57cf9b993ab520375

  • SHA256

    3085d62628657edccc65a18edda86f253fb86712a4e50b1cf67828bfa2d33e80

  • SHA512

    516b5704221bc49d607b80bafd6841976019f908869449c97f6a27c2840d43f62c76af2c5e464fb6b3f04079045b95883d3ed7fd684be1a269ec1663ba2b2dfb

Score
10/10
xloaderk8b5loaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

k8b5

C2

http://www.chongzhi365.com/k8b5/

Decoy

sardamedicals.com

reelectkendavis4council.com

coreconsultation.com

fajarazhary.com

mybitearner.com

brightpet.info

voicewithchoice.com

bailbondscompany.xyz

7133333333.com

delights.info

gawlvegdr.icu

sdqhpm.com

we2savvyok.com

primallifeathlete.com

gdsinglecell.com

isokineticmachines.com

smartneckrelax.com

gardenvintage.com

hiphopvolume.com

medicapoint.com

Targets

    • Target

      Invoice pdf.exe

    • Size

      680KB

    • MD5

      3a91f6caa3965066b881d1de7a67f1b9

    • SHA1

      6097fcf7687e0ec485eae2d57cf9b993ab520375

    • SHA256

      3085d62628657edccc65a18edda86f253fb86712a4e50b1cf67828bfa2d33e80

    • SHA512

      516b5704221bc49d607b80bafd6841976019f908869449c97f6a27c2840d43f62c76af2c5e464fb6b3f04079045b95883d3ed7fd684be1a269ec1663ba2b2dfb

    Score
    10/10
    xloaderk8b5loaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks