Overview

overview

10

Static

static

ORS51082.exe

windows7_x64

10

ORS51082.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORS51082.exe

  • Size

    996KB

  • Sample

    220707-g687tagfh8

  • MD5

    fdce62a590ef3d5c302a7cabc29278fb

  • SHA1

    155fedc5ca4878abfd7bbf94445b88f96452745d

  • SHA256

    6e7274032f1229b80a0b4d9e4bfef54d27414f287161dd3e1f80a476cbc85c52

  • SHA512

    21d37bf4bcafc81b941240d75ab7eb2727bdd6ffaecbeccf9f2173b09f9ce1119dcdac24d6aff7fb5ad2dd209b826bb57719286cc96cc38ce680cdff103182ef

Score
10/10
xloaderges0loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ges0

Decoy

activelogistics.group

fashionbeautyinternational.com

firstbymel.com

anta-media.com

mysmartoffice.online

a17l.com

hyunmijoa.com

gdqsgyl.com

athafood.com

guwerix.xyz

yodjae.com

wineglassfuls.info

sattair.com

kamstage.com

nurseandcaregiverjobsesp.com

vemtiq.com

kul-history.com

trycbd-gummies.net

fewland.club

breeztrade.com

Targets

    • Target

      ORS51082.exe

    • Size

      996KB

    • MD5

      fdce62a590ef3d5c302a7cabc29278fb

    • SHA1

      155fedc5ca4878abfd7bbf94445b88f96452745d

    • SHA256

      6e7274032f1229b80a0b4d9e4bfef54d27414f287161dd3e1f80a476cbc85c52

    • SHA512

      21d37bf4bcafc81b941240d75ab7eb2727bdd6ffaecbeccf9f2173b09f9ce1119dcdac24d6aff7fb5ad2dd209b826bb57719286cc96cc38ce680cdff103182ef

    Score
    10/10
    xloaderges0loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks