General

  • Target: 1947e7b9_by_Libranalysis
  • Size: 26KB
  • Sample: 210506-fqa6nlnwwe
  • MD5: 1947e7b98854c8e957127c460b86c1d6
  • SHA1: 70b1a059d1a878dd08abe9dea710d62c8cf39fda
  • SHA256: e780b5cbe2ab50bdc79704182dd268becbcb29f6b9865edf684e67c9b364775e
  • SHA512: 4abbb2811e145bcb11a0b38a76a1db5bee53801aeac46f0188c255f9e1b1a59b5654bdb93adf7ba5170495e0e735dbc6e23932dfbb7b77dbf24007e709d184f7

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.innovativevan.com/i8be/

Decoy

Targets

    • Target: 0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083.bin
    • Size: 76KB
    • MD5: 1670bb70c724ff6142617ac83676b3a0
    • SHA1: 7bfd700d81d79b06d82c83d5f78a41990c6c391e
    • SHA256: 0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083
    • SHA512: 052a570f26c74a0982010b1f2b7caca42bb706a8ade59b5cdde4020fb1aa65bea3001b5b8ff23e95cd7f79a37ee0f908e05800f5f06eccf3e24a27c679bb29ae

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012)
  • System Information Discovery (T1082)

Command and Control

  • Web Service (T1102)

Tasks