Overview

overview

10

Static

static

Lista de o...ra.exe

windows7_x64

10

Lista de o...ra.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lista de ordenes de compra.zip

  • Size

    331KB

  • Sample

    211001-m61tbsbfak

  • MD5

    d7ba28b5766e61316bdca6f63f3377c5

  • SHA1

    18726e9b5bbcd48ce73a6b7d176179b8e91f8ed2

  • SHA256

    69dcfb5a20f34c649ed18aa7d02733aef12c54f153ba46c6ae90a00f0b05a9fa

  • SHA512

    8e1529ebb0daa6eb07d0a681b9489d08d8cfedd9ef49d6c40c968a9e3d98f1f46131e16c7739c388d58d7c38911e5085464b85c2365f2ae7dcbe12a34d3e9f08

Score
10/10
xloaderpvxzloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

C2

http://www.finetipster.com/pvxz/

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

    • Target

      Lista de ordenes de compra.exe

    • Size

      653KB

    • MD5

      a8732c40f2c0e569f938a59e0ccb8130

    • SHA1

      1b4683cec4d54b3217b10d3a4908537ce52a9808

    • SHA256

      9c558e9f026119bab2580c1e38533870d351b1e01e65341427194504e2cdf490

    • SHA512

      e3241131f6f101c1113cf3802a1619736a4fc135c7bb69d3b97605e57bb5554b1b06fba060662cb46d47a63d12a04d58ae44382f28733922b1e4523b25a2b5d0

    Score
    10/10
    xloaderpvxzloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks