General

  • Target

    Contract Invoice.exe

  • Size

    479KB

  • Sample

    220131-jj8zmsggel

  • MD5

    4c86a722b72090ef4d09c46fa6376da8

  • SHA1

    9f38ddbe34f823c2b05157a98bc0dec2093842fd

  • SHA256

    3e317e0e4e62e0842ba4d1d52f8bd3e45a1b7a8e01e784771803d722dbfaf3a8

  • SHA512

    29020e64d2530a591bc9c8948eb20d22a59f7765d28e63db3293e4c738344a91d6763a7019a82b7b389dc491771805d58260c524b1c462807e96c3c284a5d6a6

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    oms5

  • Decoy


Targets


    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks