Overview

overview

10

Static

static

1

DHL_AWB# 9...36.exe

windows7_x64

10

DHL_AWB# 9...36.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL_AWB# 9678547836.exe

  • Size

    326KB

  • Sample

    220121-rrvqzsaaej

  • MD5

    c8df5e6047cd338743e32c7e79067a45

  • SHA1

    848cdb2e9b7415ca7689b74ffd076fb92a8637a4

  • SHA256

    5111f4fa05b89a9d727c4686485acedc16553a7715fd36776c68972acf8e5382

  • SHA512

    c18533cd152b2ea6c395d6224f0dcbc73f3583bb4b8b902cf967c906a5c5df634976741a9f90977fa05e487277d79c4ac7e85f5216921f4c78bde1abd7f36436

Score
10/10
xloaderdtt3loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dtt3

Decoy

edilononlineshop.com

cursosd.com

viellacharteredland.com

increasey0urenergylevels.codes

yjy-hotel.com

claym.xyz

reelsguide.com

gives-cardano.com

ashrafannuar.com

mammalians.com

rocketleaguedads.com

yubierp.com

minimi36.com

chn-chn.com

jagojp888.com

parsian-shetab.com

273351.com

mdtouhid.com

babedads.com

vallinam2.com

Targets

    • Target

      DHL_AWB# 9678547836.exe

    • Size

      326KB

    • MD5

      c8df5e6047cd338743e32c7e79067a45

    • SHA1

      848cdb2e9b7415ca7689b74ffd076fb92a8637a4

    • SHA256

      5111f4fa05b89a9d727c4686485acedc16553a7715fd36776c68972acf8e5382

    • SHA512

      c18533cd152b2ea6c395d6224f0dcbc73f3583bb4b8b902cf967c906a5c5df634976741a9f90977fa05e487277d79c4ac7e85f5216921f4c78bde1abd7f36436

    Score
    10/10
    xloaderdtt3loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks