Overview

overview

10

Static

static

1

PAYMENT_xlsx.exe

windows7_x64

10

PAYMENT_xlsx.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PAYMENT_xlsx.exe

  • Size

    260KB

  • Sample

    220209-mdncjaabdj

  • MD5

    903f090170c015ce8a923608be5f5529

  • SHA1

    ca5ab369fa9fa10367f8d2de5530986dd5add4a1

  • SHA256

    ae912e8263a9242ff6590f2c818cdc64c3a6f2f059576dc8d760a3af93db63fc

  • SHA512

    fb716c05053f9643ebdaff1e5a5a3d9b88cee77c1753a51618ab3c8f7897cd79384250edbe49cad6cf86579b83dd317ce2922674835ea3d484a0fb0f79f3bf6b

Score
10/10
xloaderdtt3loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dtt3

Decoy

edilononlineshop.com

cursosd.com

viellacharteredland.com

increasey0urenergylevels.codes

yjy-hotel.com

claym.xyz

reelsguide.com

gives-cardano.com

ashrafannuar.com

mammalians.com

rocketleaguedads.com

yubierp.com

minimi36.com

chn-chn.com

jagojp888.com

parsian-shetab.com

273351.com

mdtouhid.com

babedads.com

vallinam2.com

Targets

    • Target

      PAYMENT_xlsx.exe

    • Size

      260KB

    • MD5

      903f090170c015ce8a923608be5f5529

    • SHA1

      ca5ab369fa9fa10367f8d2de5530986dd5add4a1

    • SHA256

      ae912e8263a9242ff6590f2c818cdc64c3a6f2f059576dc8d760a3af93db63fc

    • SHA512

      fb716c05053f9643ebdaff1e5a5a3d9b88cee77c1753a51618ab3c8f7897cd79384250edbe49cad6cf86579b83dd317ce2922674835ea3d484a0fb0f79f3bf6b

    Score
    10/10
    xloaderdtt3loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks