Resubmissions

27-09-2021 04:27

210927-e27gbaffej 10

15-09-2021 13:46

210915-q22fvaagb2 10

General

  • Target

    Payment document.exe

  • Size

    532KB

  • Sample

    210927-e27gbaffej

  • MD5

    d0cceb56aaec4f8d458498904813b790

  • SHA1

    8efefaefb2a32c05c3282721be10c0b838c0cc96

  • SHA256

    bb60b98852cad89fe450ec8486cee96bb6932b29c692f97d5b7ed7936556845f

  • SHA512

    26137c91ab694b4bc21d06ed5f5f916c6884f7a7a94536a22948290c9cfa1cb1ac84ecd4f0893784eaab0eb6c674f05d6062b0dc6f61293935bb3eef53571de0

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.4

  • Campaign

    dbew

  • C2

    http://www.mengtai.xyz/dbew/

  • Decoy

    unblock-sites.xyz
    xkmfiue.com
    8pz96.com
    affkart.com
    attila-velte.com
    hyrq30.website
    tinoovia.com
    egraintrade.com
    smokynagata.com
    welojz.xyz
    lizethdavid.com
    traumland56.com
    player23games.com
    mvnupersonaltraining.com
    anonymousmen.com
    learnchinese-school.com
    haus-us.com
    homayounmusic.com
    kp-taku.com
    djalleykat.com

Targets

    • Target

      Payment document.exe

    • Size

      532KB

    • MD5

      d0cceb56aaec4f8d458498904813b790

    • SHA1

      8efefaefb2a32c05c3282721be10c0b838c0cc96

    • SHA256

      bb60b98852cad89fe450ec8486cee96bb6932b29c692f97d5b7ed7936556845f

    • SHA512

      26137c91ab694b4bc21d06ed5f5f916c6884f7a7a94536a22948290c9cfa1cb1ac84ecd4f0893784eaab0eb6c674f05d6062b0dc6f61293935bb3eef53571de0

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext
