QUOTQTION.zip

General
Target

QUOTQTION.zip

Size

424KB

Sample

210924-mc171agfdm

Score
10 /10
MD5

a99b952d10143e1d35d96c6b9cb0d0c8

SHA1

8b93ae5b4a30e11817140014c8519824783657b3

SHA256

c58d4399f56ac84de6e6aead1750f1f533baea7508199955ce74eee2b7ca3eee

SHA512

e6136501128034dc3f242b2d8c339a5694fe14abe51dc2a29240f9050e2b779daaa797ea3e815b491fad6e11627bd223beb1d896a8af438726f839a7aa303f48

Malware Config

Extracted

Family xloader
Version 2.5
Campaign c2ue
C2

http://www.heidevelop.xyz/c2ue/
Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

wingkingtong.com

innovativepropsolutions.com

transportesajusco.online

rosenblasts.info

ttsports.store

servpix.com

liveatthebiltmore.com

magentautil.com

aquolly.com

collabsales.com

bredaslo.com

suddisaddu.com

www920011a.com

uudh.info

bleuexpress.com

xivuko.com

upstatehvacpros.com

acami.art

thqahql.com

mauzabe.com

mydrones.net

franciseshun.com

nrrpri.com

adndpanel.xyz

straightcorndinner.xyz

locngrip.com

wgylab.xyz

greenmamba100.com

dmglobalconsult.net

alissanoume.xyz
Targets
Target

QUOTQTION.exe

MD5

24736913b455be2ed3d1cc67c767afc4

Filesize

866KB

Score
10 /10
SHA1

8026db0f265178cf013ac579c1b7267f4014bf2c

SHA256

a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b

SHA512

49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee

Tags

Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    Tags

  • Xloader Payload

    Tags

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10