Overview

overview

10

Static

static

1

Order-9411574-pdf.exe

windows7_x64

10

Order-9411574-pdf.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order-9411574-pdf.pif

  • Size

    249KB

  • Sample

    220207-jwf5dshebr

  • MD5

    58e91c804bf83bcb330d64d87bdd7abf

  • SHA1

    9f00f81e64cbe3445a1f3f5f24976d736e8543ca

  • SHA256

    d0d523bb3e44390067122f5b4768ee44811c00f14a344dd70e71d4c2bcf4962d

  • SHA512

    aaf401d5f4a35325677ba978d170204d1305759c763b3d345d2817080cfb0707acb3703548f29db2c520faf3f2ba8835adeec435da59dfea1d3c03527f400ddb

Score
10/10
xloaderuar3loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

    • Target

      Order-9411574-pdf.pif

    • Size

      249KB

    • MD5

      58e91c804bf83bcb330d64d87bdd7abf

    • SHA1

      9f00f81e64cbe3445a1f3f5f24976d736e8543ca

    • SHA256

      d0d523bb3e44390067122f5b4768ee44811c00f14a344dd70e71d4c2bcf4962d

    • SHA512

      aaf401d5f4a35325677ba978d170204d1305759c763b3d345d2817080cfb0707acb3703548f29db2c520faf3f2ba8835adeec435da59dfea1d3c03527f400ddb

    Score
    10/10
    xloaderuar3loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks