General

  • Target

    svch.exe

  • Size

    579KB

  • Sample

    210421-lx8ns5vbna

  • MD5

    a750b5c841200037a4e03a27ba5a6382

  • SHA1

    d795e2443adfd4c9c1c10fbce9df60551a11c464

  • SHA256

    08a758993c43a321076d8bbc7d9352f1affee8ae44db80c1cf2ced2e6f2cfed2

  • SHA512

    0f1dc2653fe7349620057fd523a17dad0d84f46e8f3f15685dcfd8114b347e2d8515197a9838fd5114fa3f45c09952998b086698f630c90605ec4677f25809df

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.xiangnanxiang.com/nqs9/

Decoy

vescuderoabogados.com

reednorth.com

zoeyline.com

kittenclub.online

srichinstest2blog.com

wide-house.com

highandmightycornwhiskey.com

investmentbankersroundtable.com

godnomics.com

lynperformancetraining.com

alitafinance.com

cristinaandmore.com

sexyseniors.directory

p1monline.com

followingsharks.com

lurkwood.com

shopnayzierose.com

didsss.com

christophergagnon.com

bestpreschoolinorlando.com
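The C2 URL and the decoy list above are the actionable output of this report. Xloader, like Formbook before it, beacons to the decoy domains as well as to the real C2, using the same URI path on every host, so the path (/nqs9/) is a more stable network indicator than any single domain, and a decoy domain seen on its own may just be legitimate browsing to a site the operator picked as cover. The following added example (not code from the original report) turns the extracted config into proxy-log detection logic; the log format, the log lines and the source IPs are constructed here for illustration.

```python
"""Added example: Xloader config -> proxy-log detection.

C2_URL and DECOYS are copied from the extracted config above. The log
format, SAMPLE_LOG lines and source addresses are constructed for this
example and are not from the original report.
"""
import re
from urllib.parse import urlsplit

C2_URL = "http://www.xiangnanxiang.com/nqs9/"
DECOYS = {
    "vescuderoabogados.com", "reednorth.com", "zoeyline.com",
    "kittenclub.online", "srichinstest2blog.com", "wide-house.com",
    "highandmightycornwhiskey.com", "investmentbankersroundtable.com",
    "godnomics.com", "lynperformancetraining.com", "alitafinance.com",
    "cristinaandmore.com", "sexyseniors.directory", "p1monline.com",
    "followingsharks.com", "lurkwood.com", "shopnayzierose.com",
    "didsss.com", "christophergagnon.com", "bestpreschoolinorlando.com",
}

C2_HOST = urlsplit(C2_URL).hostname   # "www.xiangnanxiang.com"
C2_PATH = urlsplit(C2_URL).path       # "/nqs9/" - shared by real C2 and decoy beacons

# Constructed log format: "<timestamp> <src_ip> <METHOD> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample traffic for one infected host (10.0.0.5), one host
# hitting only the path on an unlisted domain (10.0.0.7) and one clean host.
SAMPLE_LOG = [
    "2021-04-21T10:00:01Z 10.0.0.5 GET http://www.xiangnanxiang.com/nqs9/?id=1 200",
    "2021-04-21T10:00:02Z 10.0.0.5 POST http://www.reednorth.com/nqs9/ 404",
    "2021-04-21T10:00:03Z 10.0.0.5 GET http://www.zoeyline.com/about/ 200",
    "2021-04-21T10:00:04Z 10.0.0.7 GET http://example.org/nqs9/ 200",
    "2021-04-21T10:00:05Z 10.0.0.9 GET https://www.python.org/ 200",
]


def base_domain(host: str) -> str:
    """Crude registrable-domain guess (last two labels); adequate for the
    two-label names in this config, not a general public-suffix parser."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify(line: str):
    """Return a verdict for one log line, or None if it matches nothing.

    c2            host and path both match the configured C2
    decoy_beacon  C2 path on a listed decoy domain (expected Xloader noise)
    path_match    C2 path on an unlisted host (rotated C2 or new decoy)
    decoy_domain  listed decoy domain without the C2 path (low confidence)
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["url"])
    host = (url.hostname or "").lower()
    on_decoy = host in DECOYS or base_domain(host) in DECOYS
    if url.path == C2_PATH:
        if host == C2_HOST:
            return "c2"
        return "decoy_beacon" if on_decoy else "path_match"
    return "decoy_domain" if on_decoy else None


def scan(lines):
    """Yield (verdict, src_ip, host) for every line that matches an indicator."""
    for line in lines:
        verdict = classify(line)
        if verdict is None:
            continue
        m = LOG_RE.match(line)
        yield verdict, m["src"], (urlsplit(m["url"]).hostname or "").lower()


def suspicious_sources(lines):
    """Source IPs that hit the C2 path anywhere; decoy_domain alone is not enough."""
    strong = {"c2", "decoy_beacon", "path_match"}
    return {src for verdict, src, _ in scan(lines) if verdict in strong}


if __name__ == "__main__":
    for verdict, src, host in scan(SAMPLE_LOG):
        print(f"{verdict:13} {src:10} {host}")
    print("suspicious:", sorted(suspicious_sources(SAMPLE_LOG)))
```

The verdict tiers matter in practice: a single hit on a decoy domain is expected noise from the malware but also plausible from a user, so it should raise a host's score rather than page anyone, while any request carrying the C2 path is worth an immediate look even if the host is not in this config's list, because the operator can rotate domains without changing the path.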

Targets

    • Target

      svch.exe

    • Size

      579KB

    • MD5

      a750b5c841200037a4e03a27ba5a6382

    • SHA1

      d795e2443adfd4c9c1c10fbce9df60551a11c464

    • SHA256

      08a758993c43a321076d8bbc7d9352f1affee8ae44db80c1cf2ced2e6f2cfed2

    • SHA512

      0f1dc2653fe7349620057fd523a17dad0d84f46e8f3f15685dcfd8114b347e2d8515197a9838fd5114fa3f45c09952998b086698f630c90605ec4677f25809df

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself (removes its own executable after running)

    • Suspicious use of SetThreadContext (commonly used to redirect execution into an injected or hollowed process)
