Overview

overview

10

Static

static

Purchase Order..exe

windows7_x64

10

Purchase Order..exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order..exe

  • Size

    762KB

  • Sample

    220221-zxvl6sbhfn

  • MD5

    856532151e634510511b4a686ecc3e85

  • SHA1

    7a775814e8da28814d135c3225474b214bac9bd5

  • SHA256

    f840b70fdadb374f3b3e6829a5d0ffd76eafb4da162b1be0874fa2d08172dde8

  • SHA512

    7b0b0fd4d268d2597e5c71a9d598fbf0a191dbb1d3af8c0e2a06c6d0bc318147e30a3a82ebbafc01697e0cc5ae819b4c6fc709aa6c7315e05cf599853e903b79

Score
10/10
xloaderb8euloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b8eu

Decoy

coeusconsultancy.com

allutravel.com

frustratedsportsfan.com

notch.host

cvkur.com

dunamisathletics.com

citycourtlafayetteclass.com

tastingpay.com

beriteautoglass.com

mexicanaenergy.com

karaokepkllkb.xyz

equiposymaquinasparamineria.com

fsmgayrimenkulbursa.com

femmequidanseaveclalune.com

frfrjrbfkfncifnsnqwnxbcb.com

jmwxhsbktiyq7.xyz

nevirame.com

wppaulwriter.com

anandiaper.xyz

krasamart.com

Targets

    • Target

      Purchase Order..exe

    • Size

      762KB

    • MD5

      856532151e634510511b4a686ecc3e85

    • SHA1

      7a775814e8da28814d135c3225474b214bac9bd5

    • SHA256

      f840b70fdadb374f3b3e6829a5d0ffd76eafb4da162b1be0874fa2d08172dde8

    • SHA512

      7b0b0fd4d268d2597e5c71a9d598fbf0a191dbb1d3af8c0e2a06c6d0bc318147e30a3a82ebbafc01697e0cc5ae819b4c6fc709aa6c7315e05cf599853e903b79

    Score
    10/10
    xloaderb8euloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks