Overview

overview

10

Static

static

1

Rfq# 52011.exe

windows7_x64

10

Rfq# 52011.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LOGISTICS ARRIVAL NOTICE FREIGHT #20200927F.zip

  • Size

    305KB

  • Sample

    210927-nlw53sgfgj

  • MD5

    7cd6c6c0e28eba90b06bb2960cfd6e6b

  • SHA1

    f627383e6683d89e11983bed3584c8e8e8e7f17e

  • SHA256

    335d34dcb2a548120db6c08c0e13eefbb8a38f6bd24b6dfa4edcd51c44f835c5

  • SHA512

    fab266d84031329c763718c8af3d7748006a1ba704e0038810e63199eeb48f85bddb5da10a4f7262d1b2ddff9604bd0a557aa6e45815861106d7dc0c2b838c7f

Score
10/10
xloaderh2m4loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

h2m4

C2

http://www.kitap-deposu-pdf-mp3.site/h2m4/

Decoy

gallery85.net

ibitehebites.com

jaganalytics.com

fariquxivile.rest

lidaqj.com

sanfrancbd.com

gravityht.com

cv7es.com

webdevelopment.cloud

kickstartpal.com

restorefoundations.com

mswebinar.com

threemustdostagingtips.com

emerilforeverpansinfo.com

laboratoriogiosol.com

izy-cash.com

helios-eml.site

quasarenergy.global

shopfashionlab.com

unighostwriter.com

Targets

    • Target

      Rfq# 52011.exe

    • Size

      330KB

    • MD5

      d54903b43f7c4aa9400c9132e208f2cc

    • SHA1

      2b3f77c81586198e3cba92c8c1d59125327b3ca0

    • SHA256

      266c5eff1e53ab87738e2b4a516f4b519c272734537da3c9e5d92383537ec381

    • SHA512

      e0ef1fc4e702ac30b39fb319e0a92987691ecbdd407564e932460ef8f80a7d5c985e2611d9fe0fea7cf18fa9431281b34dfdba2e932bdb0bb6d8124d854e827f

    Score
    10/10
    xloaderh2m4loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks