Resubmissions

  • 14-03-2022 13:53  220314-q7ffkagbb2  10
  • 14-03-2022 13:10  220314-qev1jshfal  10
  • 14-03-2022 13:10  220314-qejmhsffd9  1
  • 14-03-2022 13:09  220314-qeba5sffd4  1
  • 14-03-2022 13:09  220314-qdstsshegp  1
  • 25-02-2022 17:41  220225-v9edhaabek  10
  • 25-02-2022 17:33  220225-v49x8aabcr  10
  • 25-02-2022 17:26  220225-vz7masggh9  10
  • 25-02-2022 17:01  220225-vjlpwsggd5  10

General

  • Target

    INV21029.EXE

  • Size

    577KB

  • Sample

    220314-qev1jshfal

  • MD5

    740dd9c14dea0b98df6ad434abfe789e

  • SHA1

    cbec4d898e68c12fb7dcaddb17d0aca16e8e0e7b

  • SHA256

    35295675b2fbd8ff9900336325e3324270f083705fd0cf51f4ef28763430cdd6

  • SHA512

    66041e42091e83889a6da93c4242a01a0a3122774dc2db8baf909fb0ec6b0d6e847183ac92a24f2ca99f99de7dd4abddddda4a908887f354e3a333202bc0a66e

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy


Targets

    • Target

      INV21029.EXE

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (3)  T1082
  • Query Registry (2)  T1012
  • Peripheral Device Discovery (1)  T1120

Tasks