General

  • Target

    QUOTATION REQUEST.exe

  • Size

    728KB

  • Sample

    210503-pkbhn7gghe

  • MD5

    64af41000584694858d0fcc37b1bf69b

  • SHA1

    707c77c61fafdd736c1e02bfdbc8ce7ce24cc759

  • SHA256

    fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa

  • SHA512

    dff4927081ff280eb4e707660c596adfbf8ada0f02cdbf8dd2414cb368b8036708558e854b892eda7dc0049c11df6ff1044cb0ec7c9ae9a32851ba3790fd7177

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.pedroiniesta.net/n7ad/

Decoy

orchardevent.com

inthebeginningshop.com

keodm.com

hangthejury.com

cannabisllp.com

letsratethis.com

milanfashionperu.com

adcvip.com

professionalcprclasses.com

checkmytradesmanswork.com

sloanksmith.com

apnajamshedpur.com

665448.com

zryld.com

cabot.city

graet.design

furbabiesandflowers.com

silkisensations.com

sawubonastore.com

screenwinz18.com

Targets

    • Target

      QUOTATION REQUEST.exe

    • Size

      728KB

    • MD5

      64af41000584694858d0fcc37b1bf69b

    • SHA1

      707c77c61fafdd736c1e02bfdbc8ce7ce24cc759

    • SHA256

      fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa

    • SHA512

      dff4927081ff280eb4e707660c596adfbf8ada0f02cdbf8dd2414cb368b8036708558e854b892eda7dc0049c11df6ff1044cb0ec7c9ae9a32851ba3790fd7177

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks