Overview

overview

10

Static

static

DHL Delive...ts.exe

windows7_x64

10

DHL Delive...ts.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL Delivery Documents.exe

  • Size

    47KB

  • Sample

    220128-ptgk2acean

  • MD5

    5bc8492c9f262d1f9840635b87edf9c5

  • SHA1

    da867a8b837e43c91414ff46d239ab95b799d04b

  • SHA256

    7a4424af54555e5a81f6fa4e2b2c42c6d19c71bbcc261cd1be14af245c3b711c

  • SHA512

    a9f75f93607443861c6b2ec9f242faacda666967cb6cbdab8cb8c8f208047a7a90448046242aead694fe391a2bbcb9f52688bdbee08bf492cb511f71748a365e

Score
10/10
xloaderzqzwloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

    • Target

      DHL Delivery Documents.exe

    • Size

      47KB

    • MD5

      5bc8492c9f262d1f9840635b87edf9c5

    • SHA1

      da867a8b837e43c91414ff46d239ab95b799d04b

    • SHA256

      7a4424af54555e5a81f6fa4e2b2c42c6d19c71bbcc261cd1be14af245c3b711c

    • SHA512

      a9f75f93607443861c6b2ec9f242faacda666967cb6cbdab8cb8c8f208047a7a90448046242aead694fe391a2bbcb9f52688bdbee08bf492cb511f71748a365e

    Score
    10/10
    xloaderzqzwloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks