General

  • Target

    583728b5f8153a80b3327b3ac579d17e

  • Size

    309KB

  • Sample

    231226-gm4g8adhb6

  • MD5

    583728b5f8153a80b3327b3ac579d17e

  • SHA1

    76283d7678f26a8036f54df4edcc278931948e2b

  • SHA256

    78adbda6236e7a83a2e9507bc8d3a37efa2c5b7a4fcf215e08fa5726ac0731be

  • SHA512

    e84a11a3d054a2c79ab0648835bd50cd21188278ecff449f5fb1bb1307be7774e2f9b0886a2db68e2ce50ffc448691be30bb57ab5c994009ebe4381a7566af0c

  • SSDEEP

    6144:wC99uOrRaJn8U+tesz/MCsl5j1ARrbsA3gcxKyAz/hgfvas8tJR:uuknfCZ/MCsl0rbHmzevK

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    zy38

  • Decoy

    legacywritersacademy.net
    globalforum-tm.com
    jeffmackeyforjudge.com
    lakenwatersports.gallery
    zsgpbgsbh.icu
    dwarkaluxuryhome.com
    h7n9supply.com
    findfromusstore.com
    hemp8pharm.com
    usacybersec.com
    expressir.net
    teknikfolyo.com
    redlacedigital.com
    tinhaynhat.com
    social808.com
    tecnoscript.com
    mrsboddiesboutique.com
    sjplot.com
    soyo283.com
    jayciedavid.com

Targets

    • Target

      Remittance advice.exe

    • Size

      252KB

    • MD5

      a583767ab5f766830627c627d6d0a25b

    • SHA1

      90d8650c12d57a6e46f13fbee87fa2ae4469bbfe

    • SHA256

      657cab120187572696f7c42467fa8f996cba9a26c0a0583c528f49dc147823e5

    • SHA512

      73213c35ceb11d97112b6a9c98d206a66374b11d1bd6ccf96c7cf18096ac6b420810b4988eb3c8196042f0c7096a355b0170ff92bc655da91b5b85ad266a3f0e

    • SSDEEP

      6144:jffa5uKiSYEhORRNEGiYa/ABsSJGKSCsN:eitEhJ7xA2tDN

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks