Overview

overview

10

Static

static

3

DHL_SHIPME...df.exe

windows7-x64

10

DHL_SHIPME...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f3d5913219cd0b70ad97893a0d582189b5b23324b1b66a7646f328bc4d0c2da3

  • Size

    498KB

  • Sample

    241121-yl145swkev

  • MD5

    71ade2c0e1ab958b44264785962ea425

  • SHA1

    d22d9f2c9d9217ce6bbe00fe9576ad2c6e40b13e

  • SHA256

    f3d5913219cd0b70ad97893a0d582189b5b23324b1b66a7646f328bc4d0c2da3

  • SHA512

    51890692544ae2a036304da8d3144adfc492395e9d11436aab2cc8658b66a108bd928e9861a454075509caa32077f51eba814870645a3609637e7ebc81d676ea

  • SSDEEP

    12288:N9WHRJEE7b7jMax9LJJfSMDzUSQ+Xcz4IG7ztSV60tLhTC4qu:qHhP7jBx9vScM+XW4IQsLf

Score
10/10
xloaderf6fwdiscoveryloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

f6fw

Decoy

plumaroja.com

pceasyreview.com

wordsinprogressthegame.com

hiltonbomontieforeaspa.com

amu2020.com

airfieldelectric.com

reasonswhyletter.com

venturabankruptcyattorney.com

contorig2.com

kevinton.com

tiga-roda.com

swallow-express.com

berlins-cuban.com

newhopeadultos.com

yanmq.com

businessfundingtodayscam.com

goldtraderassociates.com

formulasimracing.com

rdifatra.com

asudprr.com

Targets

    • Target

      DHL_SHIPMENT_REF#290421_73663_pdf.exe

    • Size

      645KB

    • MD5

      35b5ff4171eea1c0433f592d83631a14

    • SHA1

      9a18a2807c82a63c26d71d9be32edc902129b116

    • SHA256

      9aa3c6d66305578b1f8743f1f5260453432e9d9e157756640bd7f8cf85facc25

    • SHA512

      3cd910a43731ab4d41203d20f348e765e481bcef7b7d583a83862168c82c274146582bcd67de47c145610e6fe7b95560f0b88fb796defe19f0b0cc4d7e05e21c

    • SSDEEP

      12288:rG61i3ePiNmR1axgxOjtAgIi6xt11pAnym8E0muRwjWU5qrgqNdYCAWHDIouq6XZ:rG61UeioQgxOfIi4/zAnh8E0mu6WUE32

    Score
    10/10
    xloaderf6fwdiscoveryloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader family

      xloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.