General

  • Target

    PO pdf.exe

  • Size

    821KB

  • Sample

    210830-evd2bylhna

  • MD5

    3b6c42f05964fe8f2625c9a812651305

  • SHA1

    f294cb34db5a3a40b2f3ce054220746fb47ab9f2

  • SHA256

    2cb7c7c1cb918607912be236d42152a8f9d5347cabf4e815940f2b85c5d9f026

  • SHA512

    b9189896186d3197336adbbd94de0f3d7098b397659369ff8a3bf2e81deeef2ddb4d1b8a2a557aa060fafd71a21c7591deb1be74084900f0373908d2d6479eb0

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

k8b5

C2

http://www.chongzhi365.com/k8b5/

Decoy

sardamedicals.com

reelectkendavis4council.com

coreconsultation.com

fajarazhary.com

mybitearner.com

brightpet.info

voicewithchoice.com

bailbondscompany.xyz

7133333333.com

delights.info

gawlvegdr.icu

sdqhpm.com

we2savvyok.com

primallifeathlete.com

gdsinglecell.com

isokineticmachines.com

smartneckrelax.com

gardenvintage.com

hiphopvolume.com

medicapoint.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks