General

  • Target

    Purchase Order FEB22_76543.exe

  • Size

    769KB

  • Sample

    220215-qhta5afbh4

  • MD5

    bcc32aa0cb21d67d81d9ddbd39c3e2d9

  • SHA1

    2f0dfdf0a29ab5c1177c1245bebbdb2ee0513686

  • SHA256

    ed99b5652455f1287171fd7d49a5ac69add7ed72a08712d4c66f6474fd094615

  • SHA512

    571c706963b172d9bdd707c0f833fe9b09a41c52d6ac8e0b8d771ccbca88d4ff43cafcba30b2f9bc5f7afcb2d5908920e0553c740139b32a374b0cf07fbd6b82

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

    • Target

      Purchase Order FEB22_76543.exe

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks