Overview

overview

10

Static

static

1

30 percento,pdf.exe

windows7_x64

10

30 percento,pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e30ab582725d38d32c525a049ec3fd428d674aaf7e18122cb420e1955f54ea4b

  • Size

    282KB

  • Sample

    220208-cfxnwacaan

  • MD5

    5079465c9ae91ed612898977a68bc39e

  • SHA1

    934de71e2de011af1811c28480fcaa1cb172f999

  • SHA256

    e30ab582725d38d32c525a049ec3fd428d674aaf7e18122cb420e1955f54ea4b

  • SHA512

    7b15375d6ebab8a3ba99bb459f0d5cb36bfefccc4627f4b7d08d76b37286b08e66aa5f9e33b84249b6e7caeec655b7188bcaeb938bed63e424016d407d70a8c8

Score
10/10
xloaderkio8loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

kio8

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

    • Target

      30 percento,pdf.exe

    • Size

      221KB

    • MD5

      9b1ec43999de28a3228942e815c72bed

    • SHA1

      d37380fab9b73c2d9cfdf93710a30e7bfd26309a

    • SHA256

      17dbd8dd053a49bd380a82768b7f8d115d84f81382afa6913164327cb237de5b

    • SHA512

      2060a1f945d431b578cb8ab774a577edcb7c6950ef2ae27b0fea28b7db3b302fe7f12643262763b8219ffc6932f013f9b01489970609e52c1a8402d7ba8ac34b

    Score
    10/10
    xloaderkio8loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks