General

  • Target: PO#00650288.doc.exe
  • Size: 777KB
  • Sample: 220127-bt1f9adge5
  • MD5: c94bd5f674928d2e347a99a84ac09c79
  • SHA1: 8983b3c54e9978f05c7f99ad8ff7f7af8527fbbb
  • SHA256: 9ecd8c9e350e594b3698eae609755d3422bd7d88a457731834a931db312a788c
  • SHA512: bcea02361b6b1ec2c9e6eb3d0251579c88130c1cfb238dcc2d8cca2b4a9fcd9886b59d30abac4221a4e4b86482bb18cd0b5faefea36fb4b32a25276aac4dc1bc

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.4
  • Campaign: nid3

Decoy

  • bocadilleriapk2guadalajara.com
  • vaccinatedmaid.com
  • uvoznaroba.com
  • sore2.com
  • carphonegadget.com
  • 0543hm.com
  • valglobalgroup.com
  • badbogeyclub.com
  • sonykameraja.biz
  • dpz831.icu
  • wyvernmediagroup.com
  • jason-luttrell.com
  • joehcq1.com
  • 1aiizsbb.icu
  • thelousciouscocoon.com
  • crypto4.education
  • letrassinfronteras.com
  • truemovehispeed.com
  • se25diy.com
  • cisdax.com

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks