Resubmissions

27-09-2021 03:06

210927-dltpvafedm 10

14-09-2021 15:14

210914-smbyraahel 10

General

  • Target

    swift_copy_MT103_pdf.exe

  • Size

    501KB

  • Sample

    210927-dltpvafedm

  • MD5

    1c620763897a2166e17aab168bcf0d09

  • SHA1

    5d3d29ab6ec3f5e4d80f188d15a97002347ea6de

  • SHA256

    98cd8d900722c5903311d5c8e6a64333fa8bcda553cef3c872ba54a74c6ee47e

  • SHA512

    a631295724d1896dba791db58d2d370bf1330ab57f328253294025f5695da05b7c3ec94192e48421a0c7d19899d9e3bed5aa96f61564d6183fb6857e4bf61077

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

conv

C2

http://www.7stepsmeal.com/conv/

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
