Overview

overview

10

Static

static

Invoice Pa...ls.exe

windows7_x64

10

Invoice Pa...ls.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f8114d7abbf7e21f339fe9cc666931a2cd89bc4ef68de6e4030c25800649dc0

  • Size

    598KB

  • Sample

    220221-194laacbej

  • MD5

    227251d9248fc05a0d3708197a9a8782

  • SHA1

    80b84a5173c97adf94028707705aad0745bb8f31

  • SHA256

    5f8114d7abbf7e21f339fe9cc666931a2cd89bc4ef68de6e4030c25800649dc0

  • SHA512

    b86c36219d6057ff7b632c0126cf0147ca8627e1436f4d12cf45684327fd59837ad85daa634b546731b8fcd01aed422c6c31de6f509c0be434136890a9eb80ed

Score
10/10
xloaderkio8loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

kio8

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

    • Target

      Invoice Payment Details.exe

    • Size

      892KB

    • MD5

      9570c6d8cef329a8984dc89ecc786c28

    • SHA1

      f318481b2fa2cc222bb783974c917f7c2b352c8f

    • SHA256

      a55e49e3dffd386fbe1b8cfdafb4bcca81264b48e1fa2f9d68a7b8b12ec2bc7e

    • SHA512

      3f1a3827be7daa886136c039b22a91d8c577e18f651cb414a2f9ebae258e45772533f17253f58a600c05b1307ef618ec6dd49ceebc5128333f53f83068293251

    Score
    10/10
    xloaderkio8loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks