Overview

overview

10

Static

static

Carta de pago.exe

windows7_x64

10

Carta de pago.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    affaec3e32d0244aaf424180de568e23d03da3eb6c43dcb0b82b4e5185731abc

  • Size

    418KB

  • Sample

    220221-mlfyesfecj

  • MD5

    9a4da2f3284b0179325ab5c1aab91db7

  • SHA1

    5c227f6a98ba91dd4f697c6481fb2c7edc554e5c

  • SHA256

    affaec3e32d0244aaf424180de568e23d03da3eb6c43dcb0b82b4e5185731abc

  • SHA512

    0af714f93dbfa178df16698ab03796a8e86e98e86f4c3e0b296a0b023f05290a31d9d6339fe6f78df3d2c09a86a0281d87974c30cf26dd70ddc8cf9f44f0cd89

Score
10/10
xloaderkio8loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

kio8

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

    • Target

      Carta de pago.exe

    • Size

      357KB

    • MD5

      03206cea63667d5f8e8861f554720473

    • SHA1

      43bcabbfaffce6dfb7c5ec763f11ea85d8876dad

    • SHA256

      c15f6faab41ea44719d795995c15024db0719fa5c9a731110587ec4e1e041fc2

    • SHA512

      7552aae69b210e543f27d707952738df7f349daf99450e53b0a39729ea7bea5e31d34b9dc6b876ef2964f759f488a83a052a913125fb6b6f50767f994277e933

    Score
    10/10
    xloaderkio8loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks