General

  • Target

    DELIVERY DOCUMENTS.exe

  • Size

    784KB

  • Sample

    220217-jasw3aaeh7

  • MD5

    c84db8be1abc6b5c4fe423a2425c9ad6

  • SHA1

    e21d4d9a20e80be6f9310bfc281bd2c8819d2f57

  • SHA256

    3c6a613507d90d332e2d4d7f91c7c2ef3135e464e5937b1da1a9c4f749528343

  • SHA512

    af70ee5050550797a43c49a249c850b543f45ad7998d78ef5fa4d700c66fb2d677e79d213179a64cf23bdc444d2b2ce6c2ba4af129f86fe1127c5e48c94df2cf

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

  Domain list carried in the config. Like Formbook, Xloader sends its check-ins to a random selection of these decoy domains as well as to the real C2, so no single entry here is a confirmed C2 server, but any host resolving them is a strong infection signal.

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz
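As an added example (not part of the sandbox report), the script below turns the extracted config above into network indicators and runs them over DNS query logs. Because Xloader beacons to its decoys as well as to its real C2, the whole list is useful for detection even though most entries are decoys. The config text is copied from the report; the DNS log lines, their column layout (timestamp, client IP, query type, query name) and the helper names are constructed for this example.

```python
import re

# Extracted-config block copied from the report above, in the report's own flat layout.
EXTRACTED_CONFIG = """\
Family
xloader
Version
2.5
Campaign
zqzw
Decoy
laurentmathieu.com
nohohonndana.com
hhmc.info
shophallows.com
blazebunk.com
goodbridge.xyz
flakycloud.com
bakermckenziegroups.com
formation-adistance.com
lovingearthbotanicals.com
tbrservice.plus
heritagehousehotels.com
drwbuildersco.com
lacsghb.com
wain3x.com
dadreview.club
continiutycp.com
cockgirls.com
48mpt.xyz
033skz.xyz
"""

# Keys the report uses for the extracted config; "Decoy" is the only multi-valued one.
SCALAR_KEYS = ("Family", "Version", "Campaign")
LIST_KEYS = ("Decoy",)

def parse_config(text):
    """Turn the report's flat key/value listing into a dict; a list key collects every line up to the next key."""
    config = {}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        key = lines[i]
        if key in SCALAR_KEYS:
            config[key.lower()] = lines[i + 1]
            i += 2
        elif key in LIST_KEYS:
            values = []
            i += 1
            while i < len(lines) and lines[i] not in SCALAR_KEYS + LIST_KEYS:
                values.append(normalize_domain(lines[i]))
                i += 1
            config[key.lower()] = values
        else:
            raise ValueError(f"unexpected line in config: {key!r}")
    return config

def normalize_domain(name):
    """Lower-case and strip a trailing dot so log entries and indicators compare equal."""
    return name.strip().lower().rstrip(".")

def matched_indicator(qname, indicators):
    """Return the indicator covering qname (exact, or as a parent domain), else None."""
    qname = normalize_domain(qname)
    for ind in indicators:
        # Suffix match on a label boundary: "notwain3x.com" must not match "wain3x.com".
        if qname == ind or qname.endswith("." + ind):
            return ind
    return None

# Constructed DNS query log lines (not from the report): "<timestamp> <client_ip> <qtype> <qname>".
DNS_LOG = """\
2022-02-17T09:12:01Z 10.0.0.5 A www.hhmc.info.
2022-02-17T09:12:02Z 10.0.0.5 A cdn.example.com
2022-02-17T09:12:03Z 10.0.0.5 A goodbridge.xyz
2022-02-17T09:12:04Z 10.0.0.8 A mail.google.com
2022-02-17T09:12:05Z 10.0.0.5 A notwain3x.com
2022-02-17T09:12:06Z 10.0.0.9 A DADREVIEW.CLUB
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def scan_dns_log(log_text, indicators):
    """Return (timestamp, client, qname, indicator) for every query that hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than aborting the scan
        ts, client, _qtype, qname = m.groups()
        ind = matched_indicator(qname, indicators)
        if ind:
            hits.append((ts, client, normalize_domain(qname), ind))
    return hits

if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print(f"{cfg['family']} {cfg['version']} campaign {cfg['campaign']}: {len(cfg['decoy'])} domains")
    for hit in scan_dns_log(DNS_LOG, cfg["decoy"]):
        print(hit)
```

The suffix match is anchored on a label boundary so that `www.hhmc.info` is caught while an unrelated domain that merely ends in the same characters is not; trailing dots and case from the resolver log are normalised before comparison. Any host that appears in the hits should be treated as infected and the full process tree examined, since the matching query may have gone to a decoy rather than the live C2.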

Targets

    • Target

      DELIVERY DOCUMENTS.exe (784KB; hashes as listed under General)

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware, an information stealer and form grabber; the configuration extracted above is an Xloader 2.5 config.

    • Xloader Payload

    • Deletes itself

      The sample removes its own executable after running, so recover the original file from the delivery channel or the sandbox rather than expecting it on disk on an infected host.

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is the usual process-hollowing step: the payload is written into a suspended process and the thread's context is redirected to it before the thread is resumed.
