General

  • Target

    PAYMENT INSTRUCTIONS COPY.exe

  • Size

    533KB

  • Sample

    210831-2w5ayfvsax

  • MD5

    51c32b446180f49c6b6537a25a191b88

  • SHA1

    5a7187ad9215b34c62f96577286e01cab0436acd

  • SHA256

    65a1476fde2b2c018f8eaa5e96a77156baeb6f35bd46545db8745fa4fe0c4869

  • SHA512

    e622dd78122325b22e274238c025d3dfa0577b35ed1509d5fcdc3717a55484326377bc47541ac5c050183f1ab0add718e62f050d1ff1cb305f31c403749737dd

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.mack3sleeve.com/n58i/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
