General

  • Target

    PO-RFQ # 097663899.exe

  • Size

    520KB

  • Sample

    210408-r63d6vs9ra

  • MD5

    3a480d8d735efe129dcccea48a054721

  • SHA1

    444f3d7795694fb3fd462b6cf3f5c2776e4a1196

  • SHA256

    006dcd5baa67723c1d34336ca9d3eb55eb53cdb58999a8c6a3a64b28c2848220

  • SHA512

    665f468fd10cab796c277b3d5e9344b00f443f837010deb810e9da0e1265d8d3d997d9e60ae467916a8807818ac0a8c63d9c40d7e5c86c89d43961174c3b68c4

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.aquaroyaume.com/uabu/

Decoy

khedutbajar.com

vehicleporn.com

misanthropedia.com

partum.life

tenshinstore.com

51tayi.com

rgr.one

lattakia-imbiss.com

escalerasdemetal.com

nationalurc.info

prettygalglam.com

globalperfumery.com

ivulam.xyz

qingniang.club

quick2ulube.com

curiget.xyz

ujeiakosdka.com

lacapitalcaferestaurant.com

agarkovsport.online

okashidonya.com
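The extracted configuration above is directly usable for hunting. What follows is an added example, not part of the sandbox report: a Python script that embeds the reported C2 URL and decoy domains and scans proxy log lines for contacts. Formbook/Xloader sends its beacons to the decoy domains with the same URI path it uses for the real C2, so a decoy host seen with the /uabu/ path is a strong indicator, whereas a decoy domain on its own is weak evidence because the decoys are ordinary registered sites the malware uses as cover. The log line format, the stripping of a leading "www." and the sample log lines are constructed assumptions for this example.

```python
import re
from urllib.parse import urlsplit

# Values below are copied from the report's extracted config.
C2_URL = "http://www.aquaroyaume.com/uabu/"
DECOY_DOMAINS = frozenset({
    "khedutbajar.com", "vehicleporn.com", "misanthropedia.com", "partum.life",
    "tenshinstore.com", "51tayi.com", "rgr.one", "lattakia-imbiss.com",
    "escalerasdemetal.com", "nationalurc.info", "prettygalglam.com",
    "globalperfumery.com", "ivulam.xyz", "qingniang.club", "quick2ulube.com",
    "curiget.xyz", "ujeiakosdka.com", "lacapitalcaferestaurant.com",
    "agarkovsport.online", "okashidonya.com",
})


def _norm_host(host):
    # Assumption: treat "www.example.com" and "example.com" as the same host.
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


_c2 = urlsplit(C2_URL)
C2_HOST = _norm_host(_c2.hostname)   # "aquaroyaume.com"
C2_PATH = _c2.path                   # "/uabu/"

# Assumed (constructed) proxy log format: "<timestamp> <src_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Verdicts worth alerting on; "domain-only" is context, not an alert by itself.
STRONG_VERDICTS = frozenset({"c2", "decoy-with-c2-path"})


def classify_url(url):
    """Return a verdict for one URL, or None if it does not touch the config."""
    parts = urlsplit(url)
    host = _norm_host(parts.hostname)
    path = parts.path or "/"
    if host == C2_HOST and path.startswith(C2_PATH):
        return "c2"                      # live C2, reported URI path
    if host in DECOY_DOMAINS and path.startswith(C2_PATH):
        return "decoy-with-c2-path"      # decoy host, but the malware's own path
    if host in DECOY_DOMAINS or host == C2_HOST:
        return "domain-only"             # weak: decoys are ordinary sites
    return None


def hunt(log_lines):
    """Scan log lines; return (src_ip, url, verdict) for each matching request."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                     # skip lines that do not fit the format
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["src"], m["url"], verdict))
    return hits


def suspect_sources(hits):
    """Source IPs with at least one strong verdict, for triage ordering."""
    return sorted({src for src, _url, verdict in hits if verdict in STRONG_VERDICTS})


# Constructed sample log lines (not from the report) covering each verdict.
SAMPLE_LOG = """\
2021-01-01T00:00:01Z 10.0.0.5 GET http://www.aquaroyaume.com/uabu/?3q=abcd&Vn=1 200
2021-01-01T00:00:02Z 10.0.0.5 POST http://www.partum.life/uabu/ 404
2021-01-01T00:00:03Z 10.0.0.7 GET http://okashidonya.com/index.html 200
2021-01-01T00:00:04Z 10.0.0.9 GET http://example.com/uabu/ 200
""".splitlines()


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for src, url, verdict in found:
        print(f"{verdict:20} {src:12} {url}")
    print("triage first:", suspect_sources(found))
```

Only the "c2" and "decoy-with-c2-path" verdicts justify an alert; a "domain-only" hit on a decoy is most likely a legitimate visit and is kept only to give context around a strong hit from the same source.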

Targets

    • Target

      PO-RFQ # 097663899.exe

    • Xloader

      Xloader is a rebranded and updated version of the Formbook information stealer, which is why the extracted configuration follows the Formbook layout of one live C2 URL plus a list of decoy domains.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext (used to redirect a thread in another process to injected code, as in process hollowing)
