Overview

overview

10

Static

static

DHL DELIVE...NT.exe

windows7_x64

10

DHL DELIVE...NT.exe

windows10-2004_x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL DELIVERY DOCUMENT.exe

  • Size

    423KB

  • Sample

    220214-h1kspshggl

  • MD5

    1f05c4fe505d798e57a409f494f3b3c5

  • SHA1

    faf7ab8e478cb203a11fd1de53974a3224a9670e

  • SHA256

    2a170cc5086a00b41ce8ff4bcf8fce45f85aef342d4cf4d08f018943cc5221ac

  • SHA512

    3aabe23832e5d9c7891284e7f05153ce22c89dd284f1c0be86c9c94f9331b0a85e2518250e352ae463505e9b921be3521acd278d8b5118e154a8edbb8be06e46

Score
10/10
xloaderzqzwloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

    • Target

      DHL DELIVERY DOCUMENT.exe

    • Size

      423KB

    • MD5

      1f05c4fe505d798e57a409f494f3b3c5

    • SHA1

      faf7ab8e478cb203a11fd1de53974a3224a9670e

    • SHA256

      2a170cc5086a00b41ce8ff4bcf8fce45f85aef342d4cf4d08f018943cc5221ac

    • SHA512

      3aabe23832e5d9c7891284e7f05153ce22c89dd284f1c0be86c9c94f9331b0a85e2518250e352ae463505e9b921be3521acd278d8b5118e154a8edbb8be06e46

    Score
    10/10
    xloaderzqzwloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks