Overview

overview

10

Static

static

klSsrzxwsbxeJQh.exe

windows7_x64

10

klSsrzxwsbxeJQh.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    klSsrzxwsbxeJQh.exe

  • Size

    818KB

  • Sample

    210727-hvk95e8b7a

  • MD5

    3be1fa609b4f6efa9d30b5c75810f863

  • SHA1

    61dcd8a4bd4641a7cc4800b5aea9ecaf7c6609bf

  • SHA256

    27572043b01a99f3901af4bd40faf03cd04e722e3fb7ba866ccdb3b2d3fabb11

  • SHA512

    b5d36a463c8eca050b3db941449d79b91c870990685b20bc192f09037231a17c2939c74b2312820a09aa54e553e61a6ab0320ea7b5f9ee60a92331ccf79b7911

Score
10/10
xloaderloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.arogyanlife.com/b82a/

Decoy

annguyet.net

parkwood.tech

readysetmortgage.net

betraywithdraw.com

incmagazine.xyz

dentistinpimplesaudagar.com

lianhx.com

prodrelease0827b.com

safehavenwellbeing.com

gehdeinweg.club

sondaggio123.space

prospecx.report

remediate.info

savylash.com

puppornstar.com

coaching-romand.com

boozeshops.com

team316media.com

ldgawydtl.icu

trezteez.com

Targets

    • Target

      klSsrzxwsbxeJQh.exe

    • Size

      818KB

    • MD5

      3be1fa609b4f6efa9d30b5c75810f863

    • SHA1

      61dcd8a4bd4641a7cc4800b5aea9ecaf7c6609bf

    • SHA256

      27572043b01a99f3901af4bd40faf03cd04e722e3fb7ba866ccdb3b2d3fabb11

    • SHA512

      b5d36a463c8eca050b3db941449d79b91c870990685b20bc192f09037231a17c2939c74b2312820a09aa54e553e61a6ab0320ea7b5f9ee60a92331ccf79b7911

    Score
    10/10
    xloaderloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks