Overview

overview

10

Static

static

Confirmaci...ta.exe

windows7_x64

10

Confirmaci...ta.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Confirmacion de pedido adjunta.zip

  • Size

    341KB

  • Sample

    211015-vs1keabbf6

  • MD5

    b679fd1bee4485a5a19a68092e6a6458

  • SHA1

    fb9e37871a635d4d37621c5591e9b956a08a518f

  • SHA256

    b31ccef7bdf1791270ed8dfea977fbc89c89ce02a3b8e1e4448814d1989c2ff0

  • SHA512

    33e307c67b46a43bb3ab74f81cefdf4d6dbe93bc85eb789b9dade8664f4851a87aa51dd17d6af09b983d6d4cad952cbeceb50fed7ba2413fcbb5b10aeb072c66

Score
10/10
xloaderpvxzloaderpersistencerat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

C2

http://www.finetipster.com/pvxz/

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

    • Target

      Confirmacion de pedido adjunta.exe

    • Size

      678KB

    • MD5

      040a8260884518ab908a2a0e97817bc5

    • SHA1

      e66db10967767d32c75a6d29e1d982fbcd9a0390

    • SHA256

      c337b8ea797cbd83791f52fc82156c1f9ffba9557b20ed73581dc788fddba788

    • SHA512

      9553d0c5d9996c83dd1656a96c7bc8d6474234ff0e16f14b94d0c0c7056b4fd00337cb452c31555b150d2fba6d4081e95e6212365426e92833bcc72978bd7cc6

    Score
    10/10
    xloaderpvxzloaderpersistencerat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks