Overview

overview

10

Static

static

DHL Shipment Doc.exe

windows7_x64

10

DHL Shipment Doc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL Shipment Doc.ace

  • Size

    522KB

  • Sample

    220126-t11dyafcak

  • MD5

    5a373f74560ea6482666152dbcd6f5c6

  • SHA1

    58754c2e1388cb35991369f4868409fe207fabe0

  • SHA256

    392d53e0df22582568a42204601870498810ad743786731f45e7850f8761d6f7

  • SHA512

    1adc29e6dc463dc7727cfc0cabb0e68d2e71f0eddb8caf3c474418a9b35a520746551fd849aaf03ac35f49e85c11ea30e32536dee1b77781c9fc0a5d49f2188c

Score
10/10
xloaderhow6loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

how6

Decoy

wealthcabana.com

fourfortyfourcreations.com

cqqcsy.com

bhwzjd.com

niftyfashionrewards.com

andersongiftemporium.com

smarttradingcoin.com

ilarealty.com

sherrywine.net

fsecg.info

xoti.top

pirosconsulting.com

fundapie.com

bbgm4egda.xyz

legalfortmyers.com

improvizy.com

yxdyhs.com

lucky2balls.com

panelmall.com

davenportkartway.com

Targets

    • Target

      DHL Shipment Doc.exe

    • Size

      817KB

    • MD5

      53af702f438bffc2adb85ae9f5b8c879

    • SHA1

      e6aae502e5ea273f1367efd874bf44745d409549

    • SHA256

      95ebd87f0d2e1ef1fdbf4e35290a0e9deb65b021acf657e396e960142e80eedb

    • SHA512

      4e67eaaff0c8c2297b2f31040debf32b74048aa7deb8bb9498368d19966108400c12592b55e0a29bd173271b6b8d120fac5b2d1096cf318cf7edcba1527e1283

    Score
    10/10
    xloaderhow6loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks