General

  • Target: aeda7a96e228c8f05a1f0a09d6bb369be8affba7107fd65a558b9b1cb1701e62
  • Size: 766KB
  • Sample: 210727-qj5ewn9apn
  • MD5: 0e0dec02b08d4fbacaa1f30717f67edf
  • SHA1: 2905b57221fd4b3c684ee6470c6744815b7f4915
  • SHA256: aeda7a96e228c8f05a1f0a09d6bb369be8affba7107fd65a558b9b1cb1701e62
  • SHA512: 3b98ddeffd066a909b7858a0d7c7e1ab7a2361944f1bd745af85a819671c32d307065b486d66b2c540fe2990ddb687eb6e3f41323d9b2157879f4a9a28b15de9

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.jiltedowl.com/um8e/

Decoy


Targets

    • Target: RFQ order for 180kg.exe
    • Size: 1.3MB
    • MD5: 50010c0aaa0feb41e0889b806e46ed87
    • SHA1: 9ea766edbc1fbc50268787a124522b0b935de721
    • SHA256: bd6455c559a9308054622aa9a30388d0ac83dd09af4ce4d1e9a715e2f1baeb53
    • SHA512: 2d88aeedd2792e12baf1e90f550082e7cc0b01ae1add8226af5710c586ae79f2b46420a23d5f75c438ec9c88e9eb561db26169b72732a8bedf0121f46d04545f
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • suricata: ET MALWARE FormBook CnC Checkin (GET)
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks