Overview

overview

10

Static

static

PO.exe

windows7_x64

10

PO.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO.exe

  • Size

    906KB

  • Sample

    220308-mm98nagedq

  • MD5

    d87832e3f675ffd9d871f455ffa55ff1

  • SHA1

    8d2a9daa0caf5fad0159ed2233d56bf94b8e7337

  • SHA256

    31f44a55873cb84506a1213469e0c884eb7f8b4dea91197bedf8a892c1404654

  • SHA512

    779258a90d6552c09b132b01b80418054c9a972d797d91c8e202644594a487da60653777137f6acf1ad8ad4d7e8b873bb88505338a126923f9876c9c7499adf9

Score
10/10
xloaderyrcyloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yrcy

Decoy

sturlabas.com

tantrungcompany.com

wildgraceyogahealing.com

wsparalegal.com

8xhgq.xyz

mysaylav.com

amelntl.net

cooleshow.online

adventuresbydisneyathome.com

sprinklekart.com

prostitutkitambovasuck.info

pakdao.com

finsith.com

nightpartner82.xyz

sex9a4ufbj.com

ketohousee.com

mairie-les-cammazes.com

elebots.xyz

highqualityremodeling.net

teamsterslocal553.com

Targets

    • Target

      PO.exe

    • Size

      906KB

    • MD5

      d87832e3f675ffd9d871f455ffa55ff1

    • SHA1

      8d2a9daa0caf5fad0159ed2233d56bf94b8e7337

    • SHA256

      31f44a55873cb84506a1213469e0c884eb7f8b4dea91197bedf8a892c1404654

    • SHA512

      779258a90d6552c09b132b01b80418054c9a972d797d91c8e202644594a487da60653777137f6acf1ad8ad4d7e8b873bb88505338a126923f9876c9c7499adf9

    Score
    10/10
    xloaderyrcyloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks