General

  • Target

    IMG 29987 SHIPMENT Order 85 3.02.2022.exe

  • Size

    558KB

  • Sample

    220203-rf5rtaabd9

  • MD5

    d541dd30d857710b9a5f708b83db0241

  • SHA1

    6a6b66e233eee0b11129732e35e4e7c65c631c84

  • SHA256

    af662c52d97d2590fa9a275d02feaf5aab3c18365e002a288efd862bd09aa6b4

  • SHA512

    685cdf9f95452ca8b177208cac7fc6841709167a5a46116d7267c6330fcf4f77ecca67dd9730554682bdc5fbf9e19f5f2f0bb3bb3ab2f520f49271261067ac89

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p8ce

Decoy

wishmeluck1.xyz

nawabumi.com

terra.fish

eoraipsumami.quest

awakeningyourid.com

csyein.com

tslsinteligentes.com

cataractusa.com

capitalwheelstogo.com

staffremotely.com

trashbinwasher.com

blaneyparkrendezvous.com

yolrt.com

northendtaproom.com

showgeini.com

b95206.com

almcpersonaltraining.com

lovabledoodleshome.com

woodlandstationcondos.com

nikahlive.com

Targets

    • Target

      IMG 29987 SHIPMENT Order 85 3.02.2022.exe

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
