Overview

overview

10

Static

static

HTK TT6002...df.exe

windows7_x64

10

HTK TT6002...df.exe

windows10_x64

10

Resubmissions

21-10-2021 12:22

211021-pkcwgsacd6 10

21-10-2021 11:37

211021-nq6kbabahj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HTK TT600202109300860048866 Payment Proof.pdf.exe

  • Size

    461KB

  • Sample

    211021-nq6kbabahj

  • MD5

    f12bf73a1cb81b5ddd8dd6ed66e610f1

  • SHA1

    cb8b0497c95512bf9233823f7d20937424c87207

  • SHA256

    6446736e3662120e1fe4c3518bc8e6d14553f6b0b27aaf1fc5676e1f73a50c33

  • SHA512

    385c4de5deca014f7486f802efc9a305e2bd2c457a21b63f66bf6f3caef1acee6537f32c7cd4690ee0378939dfad4444abb832c31fb5b5cfcb5bf7ae86715bad

Score
10/10
xloadereuznloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

C2

http://www.heser.net/euzn/

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest

Targets

    • Target

      HTK TT600202109300860048866 Payment Proof.pdf.exe

    • Size

      461KB

    • MD5

      f12bf73a1cb81b5ddd8dd6ed66e610f1

    • SHA1

      cb8b0497c95512bf9233823f7d20937424c87207

    • SHA256

      6446736e3662120e1fe4c3518bc8e6d14553f6b0b27aaf1fc5676e1f73a50c33

    • SHA512

      385c4de5deca014f7486f802efc9a305e2bd2c457a21b63f66bf6f3caef1acee6537f32c7cd4690ee0378939dfad4444abb832c31fb5b5cfcb5bf7ae86715bad

    Score
    10/10
    xloadereuznloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks