General

  • Target

    SCAN COPY SAUDI ARABIA CUSTOMS TARIFFS pdf.exe

  • Size

    969KB

  • Sample

    220322-dlzk4aecf8

  • MD5

    da769f7382703bf9887144ab8d4cb0bd

  • SHA1

    62cd420154c2ce51948d69fec1f501774711ee15

  • SHA256

    041760471bc27a43bf84ff6bee7edce055983316c01cd984ade1872239c1a35c

  • SHA512

    08c767a5bdb6e8711f1cc930b7e7623c1ebd2a39b92c98d08add35f45c1f1cc2a02b0fc575bfed6eb2098c1df6e7742806de1251d105f116265db51fd6cc45de

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ubqk

Decoy

Targets

    • Target

      SCAN COPY SAUDI ARABIA CUSTOMS TARIFFS pdf.exe

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
