PROFOMA INVOICE.exe

General

Target: PROFOMA INVOICE.exe
Size: 866KB
Sample: 210924-q2accshbck
Score: 10/10
MD5: 24736913b455be2ed3d1cc67c767afc4
SHA1: 8026db0f265178cf013ac579c1b7267f4014bf2c
SHA256: a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b
SHA512: 49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: c2ue
C2: http://www.heidevelop.xyz/c2ue/
Decoy domains:
  • isportdata.com
  • stellarex.energy
  • hsucollections.com
  • menuhaisan.com
  • joe-tzu.com
  • lumichargemktg.com
  • uae.tires
  • rapidcae.com
  • softwaresystemsolutions.com
  • s-galaxy.website
  • daewon-talks.net
  • northgamesnetwork.com
  • catalogue-bouyguestele.com
  • criativanet.com
  • theseasonalshift.com
  • actionfoto.online
  • openmaildoe.com
  • trashpenguin.com
  • ennopure.net
  • azurermine.com
  • wingkingtong.com
  • innovativepropsolutions.com
  • transportesajusco.online
  • rosenblasts.info
  • ttsports.store
  • servpix.com
  • liveatthebiltmore.com
  • magentautil.com
  • aquolly.com
  • collabsales.com
  • bredaslo.com
  • suddisaddu.com
  • www920011a.com
  • uudh.info
  • bleuexpress.com
  • xivuko.com
  • upstatehvacpros.com
  • acami.art
  • thqahql.com
  • mauzabe.com
  • mydrones.net
  • franciseshun.com
  • nrrpri.com
  • adndpanel.xyz
  • straightcorndinner.xyz
  • locngrip.com
  • wgylab.xyz
  • greenmamba100.com
  • dmglobalconsult.net
  • alissanoume.xyz

Targets

Target: PROFOMA INVOICE.exe
MD5: 24736913b455be2ed3d1cc67c767afc4
Filesize: 866KB
Score: 10/10
SHA1: 8026db0f265178cf013ac579c1b7267f4014bf2c
SHA256: a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b
SHA512: 49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.
  • suricata: ET MALWARE FormBook CnC Checkin (GET)
  • Xloader Payload
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Tasks

  • static1
  • behavioral1: 1/10
  • behavioral2: 10/10