Overview

overview

10

Static

static

E20210917ML-RFQ.exe

windows7_x64

10

E20210917ML-RFQ.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    E20210917ML-RFQ.arj

  • Size

    450KB

  • Sample

    210927-x2ny3saacp

  • MD5

    62354d340ff801e6487a011c6fba304f

  • SHA1

    471994656dfddc25f14e5965d74dcd3cd11c877b

  • SHA256

    2dcb33954614d11cded983267f1e67bab73b383f846170e34f54bb745b05b995

  • SHA512

    11d06ccde17dc9e6e0e8e7d23576e60940e27d3b68f85448e76342a7874b1941ce6a5ab1cb0fe19e1bc1c5961e7c91033f373b1a281e9ae6e45e2434bbd8faa2

Score
10/10
xloadera6erloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

a6er

C2

http://www.revivalgomghw.xyz/a6er/

Decoy

floetic.club

deepspotters.com

tibo-dev.tech

kcmade.xyz

haulseattle.com

ceroli-dolci.com

chenkaichuangke.com

citycloudconsulting.online

rusunmedical.com

ingeborg-art.com

asianm.art

private-clicks.com

metalcorpperu.com

beautifulingodseyes.com

phutungxenangnguoi.com

shots-photo.com

wirlessjuicers.com

sadyrossiiural.com

jiho9jye.xyz

molilii.com

Targets

    • Target

      E20210917ML-RFQ.exe

    • Size

      631KB

    • MD5

      4bb97838f22e7d33122a38105b252b9e

    • SHA1

      770a4807a1e32a8fbb765e3540d54c30bdd5c131

    • SHA256

      c507c6ca8c3d71feb2af8d83136736bd2407fef4a26c9e681426be5501d4742c

    • SHA512

      fd23aa8b75501d5a09fcb6c8c4ac2bc7406e0a73a7dc0215b3a1de8a4a31a418bee21fc750335c9de4652e62a7a9a4a409bf110d9a1bc49df9318ab38ba08cb5

    Score
    10/10
    xloadera6erloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks