DHL invoice KULIR00895239.pdf.exe

General

Target: DHL invoice KULIR00895239.pdf.exe
Size: 438KB
Sample: 211021-wzxb1abedr
Score: 10/10
MD5: f668e4c9cc8a691b159e2033f30f50b5
SHA1: 3ef37ae10df8f196b68f69db29a7f369fa181970
SHA256: 07826de5569163107133c374c0f4fde7f494118f127cce285a2a280d98b2dd3b
SHA512: 92cef7c693652fbd31f878b2f5a759c6bacfc07e479a64cf0ce8ddb9cf35468c4a0630eac572185b90b1fc7e7076e3b6f6859d1ad39c7da7d1fdffb8cf67d90d

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: m6t2
C2: http://www.vmhenterprise.com/m6t2/

Decoy domains:

  • somethinghaatke.net
  • bluehubwriters.com
  • ptfitnet.com
  • coastelevatorinteriors.com
  • hellensilvamkd.com
  • feekyfeeky.com
  • studioemiko.com
  • high-clicks2.com
  • troyleedesigns.club
  • peopletrucksinsurance.com
  • lameducation.com
  • pundiajaib.com
  • photosonunderwear.com
  • hautegirlmarket.com
  • groopadamce.quest
  • ignitivehq.com
  • partyprintable.digital
  • unlimitedrehab.com
  • awaytraveltnpasumo6.xyz
  • hourly.limo
  • meituandh.xyz
  • gpwconstrutoraincorporadora.com
  • azshalomcenter.com
  • tripeater.com
  • howzat.academy
  • certifiedprotradebot.icu
  • aigreen-ls.com
  • kwuthh.com
  • septum.xyz
  • lifeguardingcoursenearme.com
  • cupsnax.com
  • 037atk.xyz
  • movingtolincolnca.com
  • cherrywoodranchvacationhome.com
  • tryandmiss.com
  • socialviralup.com
  • huiying666.xyz
  • contact6.email
  • bindraussen.info
  • feltamazeballs.com
  • vulkan-mirror.space
  • financialwebservices.com
  • crownexpresssglobal.com
  • koffishop.com
  • theawesomesavings.com
  • respiratoryathome.net
  • takut9.com
  • pittboss-bbq.one
  • brailion.com
  • ophthalmologyignite.com

Targets

Target: DHL invoice KULIR00895239.pdf.exe
MD5: f668e4c9cc8a691b159e2033f30f50b5
Filesize: 438KB
Score: 10/10
SHA1: 3ef37ae10df8f196b68f69db29a7f369fa181970
SHA256: 07826de5569163107133c374c0f4fde7f494118f127cce285a2a280d98b2dd3b
SHA512: 92cef7c693652fbd31f878b2f5a759c6bacfc07e479a64cf0ce8ddb9cf35468c4a0630eac572185b90b1fc7e7076e3b6f6859d1ad39c7da7d1fdffb8cf67d90d
Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10