HTK TT600202109300860048866 Payment Proof.pdf.exe

General

Target: HTK TT600202109300860048866 Payment Proof.pdf.exe
Size: 461KB
Sample: 211021-nq6kbabahj
Score: 10/10
MD5: f12bf73a1cb81b5ddd8dd6ed66e610f1
SHA1: cb8b0497c95512bf9233823f7d20937424c87207
SHA256: 6446736e3662120e1fe4c3518bc8e6d14553f6b0b27aaf1fc5676e1f73a50c33
SHA512: 385c4de5deca014f7486f802efc9a305e2bd2c457a21b63f66bf6f3caef1acee6537f32c7cd4690ee0378939dfad4444abb832c31fb5b5cfcb5bf7ae86715bad

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: euzn
C2: http://www.heser.net/euzn/

Decoy domains:

  • 235296tyc.com
  • gold12guide.art
  • baibuaherb.com
  • weberwines.tax
  • chezvitoria.com
  • aidenb.tech
  • pitchdeckservice.com
  • surgeryforfdf.xyz
  • workunvaccinated.com
  • hrtaro.com
  • yourotcs.com
  • sonimultispecialityclinic.com
  • consultantadvisors.com
  • pentesting-consulting.com
  • dantechs.digital
  • longshifa.online
  • taweilai.net
  • imyusuke.com
  • cashndashfinancial.com
  • fasiglimt.quest
  • jakital.com
  • graywolfdesign.com
  • pepeavatar.com
  • predixlogisticscourier.com
  • football-transfer-news.pro
  • herbalmedication.xyz
  • esd66.com
  • janesgalant.quest
  • abcrefreshments.com
  • chaoxy.com
  • rediscoveringyouhealing.com
  • mcrjadr5.xyz
  • n4sins.com
  • faithful-presence.com
  • 013yu.xyz
  • isystemslanka.com
  • newbeautydk.com
  • ethiopia-info.com
  • hgaffiliates.net
  • anodynemedicalmassage.com
  • esohgroup.com
  • clinicamonicabarros.com
  • rafathecook.com
  • londonescort.xyz
  • dreamites.com
  • webtiyan.com
  • cnnautorepair.com
  • soposhshop.com
  • aarohaninsight2021.com
  • arceprojects.com

Targets

Target: HTK TT600202109300860048866 Payment Proof.pdf.exe
Filesize: 461KB
Score: 10/10
MD5: f12bf73a1cb81b5ddd8dd6ed66e610f1
SHA1: cb8b0497c95512bf9233823f7d20937424c87207
SHA256: 6446736e3662120e1fe4c3518bc8e6d14553f6b0b27aaf1fc5676e1f73a50c33
SHA512: 385c4de5deca014f7486f802efc9a305e2bd2c457a21b63f66bf6f3caef1acee6537f32c7cd4690ee0378939dfad4444abb832c31fb5b5cfcb5bf7ae86715bad

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10