RFQ_Beijing Chengruisi Manufacturing_pdf.exe

General
Target RFQ_Beijing Chengruisi Manufacturing_pdf.exe
Size 417KB
Sample 210924-n3grqaghcj
Score 10 /10
MD5 a30b50f5e2ea1a2d8c6bdf581e97d478
SHA1 9943026649061e28fe7fd626b6d3e1c893131779
SHA256 3dafcb39d7cc251c9a8212a8e745e0d72f2c530bf699a9168a379fa25e36ec38
SHA512 548ca8b3f795c32ff30d4f4810e78c6a0bb2aecf42a4bc56632612b2ab5595d9d4d3fd364b6c9bcca80135f1459f7243edc020a2b61bb3b1bce04d43d79a8088

Malware Config

Extracted

Family xloader
Version 2.5
Campaign euzn
C2 http://www.heser.net/euzn/

Decoy


Targets
Target RFQ_Beijing Chengruisi Manufacturing_pdf.exe
Tags

Signatures

  • Xloader: Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1 10/10
behavioral2 10/10