Overview

overview

10

Static

static

1

RECEIPT 02...52.exe

windows7_x64

10

RECEIPT 02...52.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RECEIPT 0266255252.pif

  • Size

    300KB

  • Sample

    220301-n4lgasbeap

  • MD5

    c7012ce63b4ed9e49bf7be48fc27beae

  • SHA1

    8c91c8e2a90b9e9b3d3dde1fb32e02e5de5dd347

  • SHA256

    b3babb49432b3d09adbf7e79dfb2fe84f4d417ad394ccd59412c9e083a42a673

  • SHA512

    6ded1f1974ace78c102fc60e65cef89b664860edd87938af9efa1b4574de43667b614fbc19f49fae2d018180a2a706181982179193bba5c5ccac565758ee2e60

Score
10/10
xloaderrmfgloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rmfg

Decoy

prospectcompounding.com

grand-prix.voyage

solvingpklogc.xyz

eliamhome.com

gamevip88.club

arsels.info

dswlt.com

dchehe.com

lawyerjerusalem.com

pbnseo.xyz

apuryifuid.com

kiukiupoker88.net

leannonimpact.com

kare-furniture.com

mississaugaremax.online

zpyh198.com

dueplay.store

naimi.ltd

greenstepspodiatry.com

cewirtanen.com

Targets

    • Target

      RECEIPT 0266255252.pif

    • Size

      300KB

    • MD5

      c7012ce63b4ed9e49bf7be48fc27beae

    • SHA1

      8c91c8e2a90b9e9b3d3dde1fb32e02e5de5dd347

    • SHA256

      b3babb49432b3d09adbf7e79dfb2fe84f4d417ad394ccd59412c9e083a42a673

    • SHA512

      6ded1f1974ace78c102fc60e65cef89b664860edd87938af9efa1b4574de43667b614fbc19f49fae2d018180a2a706181982179193bba5c5ccac565758ee2e60

    Score
    10/10
    xloaderrmfgloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks