INVOICE.exe

General

Target: INVOICE.exe
Size: 1MB
Sample: 210924-rrbccahbfp
Score: 10/10
MD5: 3e0b369f71d263bd0918bfce2b1873c3
SHA1: 0919aa900e50b290cc90426537ec25a9c44496b0
SHA256: c10f872ac7d56c5c8d5151eb8d5c3aba275f83bd55700c0dc38776a04b275175
SHA512: 6c5cb90c5519dbaf90b2ca2183d6c48a1cd216eeb1eff02f16d1042cdde5955734c7ea52408e6ec907abb1a5e4c40eca40b9ed830a92315fad4660861e425c3f

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: m6rs
C2: http://www.litediv.com/m6rs/
Decoy


Targets
Target

INVOICE.exe

Signatures

  • Xloader: Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10