General

  • Target: Quotation.exe
  • Size: 1.1MB
  • Sample: 210624-ckw89cs8pa
  • MD5: 5caf99a5eb3975b435161de0b401b1b5
  • SHA1: 271249f641ecbcd5f17b21cd8500b78acb05b5d1
  • SHA256: 574d7449e38aa78b8c46331df27b3c429feb34e16e2ae36fdf9516af6c793754
  • SHA512: b7dc01123ad31dbaafbc9aa62eb600356c70dcf71240ad1503e95ada96e198bfddebae68d280d498d15d7fab0cf26f182662a60d1216db9cc4a39adccd8bd754

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.generalplex.com/pz9b/

Decoy

Targets

    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext