Overview

overview

10

Static

static

PO#202110223.exe

windows7_x64

10

PO#202110223.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#202110223.exe

  • Size

    358KB

  • Sample

    211028-qz8gdagdfr

  • MD5

    83b2d40ea6befc3d84aa4a074b44d883

  • SHA1

    92705faddead19db804e2c4d919f661afe0c3453

  • SHA256

    6440e29b946df58c3cbd6ecdfb42ae88bb42d19b892bce094abf6834019c051f

  • SHA512

    d018645af02a775f001ecf84ce06f0fe51f8df4c40902b5c1e570fa43bbb50ee9af86a86cc872f8f37a5860eb0729552435a8b862a4c3f17d85954b6c6c3d864

Score
10/10
xloaderop08loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

op08

C2

http://www.jjmpestman.com/op08/

Decoy

youva.online

bbyyn1.xyz

cuttizy.com

octoorder.com

empiredigitaldating.com

giuseppedelcampo.com

kingstons.info

kwanta.info

soulworkerrush.com

sookrit.com

flambeauxartpottery.com

360metaverse.online

adnilm.com

interiordesignhampshire.com

bitpaynumber.support

aliancafm.com

tivohub.xyz

xn--ucy193f.com

smartmapom.com

thelifeofrileyelizabeth.com

Targets

    • Target

      PO#202110223.exe

    • Size

      358KB

    • MD5

      83b2d40ea6befc3d84aa4a074b44d883

    • SHA1

      92705faddead19db804e2c4d919f661afe0c3453

    • SHA256

      6440e29b946df58c3cbd6ecdfb42ae88bb42d19b892bce094abf6834019c051f

    • SHA512

      d018645af02a775f001ecf84ce06f0fe51f8df4c40902b5c1e570fa43bbb50ee9af86a86cc872f8f37a5860eb0729552435a8b862a4c3f17d85954b6c6c3d864

    Score
    10/10
    xloaderop08loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks