General

  • Target

    Doc_008543678.exe

  • Size

    347KB

  • Sample

    211015-vvt6eabhfj

  • MD5

    6f458a706a5d5e0a65adaceec728d6c8

  • SHA1

    5d623230470043f8a55a426e2b95b1501cd96820

  • SHA256

    9f55a497a04ad1181a75185f7b2ec1be0b9d33ed50f26c0c8cc82fa0f85db590

  • SHA512

    30f8f0806bf4180bae7fc474ac2ad00ceb8cb6f07308c2f7910f2011a6bfbb7ed664001118b3a0fbd74709aea1f25fa4f3e85e4a330469a168b5aed28a43511d

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yjqn

C2

http://www.wavekiss.com/yjqn/

Decoy

ittybittybunnies.com

flordedesierto.com

cum.care

petshomespace.com

verputzarbeit.com

yuvajanmat.com

getlie.com

finanes.xyz

thelazyrando.com

domelite.design

yukinko-takasu.com

pontosmensal.com

maurlinoconstruction.com

getelectronow.com

newmexicocarwrecklawfirm.com

gunnbucks.com

ncsy30.xyz

opsem.info

authorisewallet.com

scchanghe.com
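The extracted config above is worth a few sanity checks before its values go into a blocklist. The following script is an added example (not code from the sandbox or from the Xloader family): it copies the config and hash values from this report, verifies that the campaign id agrees with the first path segment of the C2 URL, separates the real C2 from the decoy domains, defangs everything for a ticket, and can match a file on disk against the reported digests. The helper names, the `block`/`context` roles and the defanging convention are assumptions.

```python
"""Triage helper for the Xloader extracted config shown in this report.

Added example, not code from the sandbox or the malware family. The config
and hash values are copied from the report above; the checks, the IOC roles
and the output layout are the author's assumptions.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

# Copied from the "Malware Config" and "General" sections of the report.
REPORT_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "yjqn",
    "c2": "http://www.wavekiss.com/yjqn/",
    "decoy": [
        "ittybittybunnies.com", "flordedesierto.com", "cum.care",
        "petshomespace.com", "verputzarbeit.com", "yuvajanmat.com",
        "getlie.com", "finanes.xyz", "thelazyrando.com", "domelite.design",
        "yukinko-takasu.com", "pontosmensal.com", "maurlinoconstruction.com",
        "getelectronow.com", "newmexicocarwrecklawfirm.com", "gunnbucks.com",
        "ncsy30.xyz", "opsem.info", "authorisewallet.com", "scchanghe.com",
    ],
}
REPORT_HASHES = {
    "md5": "6f458a706a5d5e0a65adaceec728d6c8",
    "sha1": "5d623230470043f8a55a426e2b95b1501cd96820",
    "sha256": "9f55a497a04ad1181a75185f7b2ec1be0b9d33ed50f26c0c8cc82fa0f85db590",
}


@dataclass(frozen=True)
class Ioc:
    value: str
    kind: str    # "url" or "domain"
    role: str    # "c2" or "decoy"
    action: str  # "block" (real C2) or "context" (decoy, do not block)

    def defanged(self) -> str:
        # Assumed defanging convention: hxxp:// and [.] so the value is not clickable.
        return self.value.replace("http", "hxxp").replace(".", "[.]")


def c2_campaign_from_url(c2_url: str) -> str:
    """The campaign id is carried as the first path segment of the C2 URL."""
    path = urlsplit(c2_url).path.strip("/")
    return path.split("/")[0] if path else ""


def check_config(cfg: dict) -> dict:
    """Sanity checks before the config is trusted: the C2 path must agree with
    the campaign field, and the real C2 host must not also appear as a decoy."""
    c2_host = (urlsplit(cfg["c2"]).hostname or "").lower()
    decoys = [d.strip().lower() for d in cfg.get("decoy", [])]
    return {
        "campaign_matches_c2_path": c2_campaign_from_url(cfg["c2"]) == cfg["campaign"],
        "c2_host_listed_as_decoy": c2_host in decoys or c2_host.removeprefix("www.") in decoys,
        "duplicate_decoys": sorted({d for d in decoys if decoys.count(d) > 1}),
        "decoy_count": len(decoys),
    }


def build_iocs(cfg: dict) -> list[Ioc]:
    """Split the config into blockable indicators (the C2 URL and its host) and
    decoys. Decoys are kept for context only: the malware also sends traffic to
    them to mask the real C2, and many are unrelated legitimate sites."""
    c2_host = urlsplit(cfg["c2"]).hostname or ""
    iocs = [
        Ioc(cfg["c2"], "url", "c2", "block"),
        Ioc(c2_host, "domain", "c2", "block"),
    ]
    seen: set[str] = set()
    for d in cfg.get("decoy", []):
        d = d.strip().lower()
        if d and d not in seen:
            seen.add(d)
            iocs.append(Ioc(d, "domain", "decoy", "context"))
    return iocs


def ioc_lines(cfg: dict) -> list[str]:
    """One defanged line per indicator, suitable for pasting into a ticket."""
    return [f"{i.action:7} {i.role:5} {i.kind:6} {i.defanged()}" for i in build_iocs(cfg)]


def digests(data: bytes) -> dict[str, str]:
    """Hashes used by the report, so a file on disk can be matched to it."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> list[str]:
    """Which of the reported digests the given bytes reproduce (all or none for
    an unmodified file; a partial match means the report itself is inconsistent)."""
    d = digests(data)
    return [alg for alg, h in REPORT_HASHES.items() if d[alg] == h]


if __name__ == "__main__":
    print(check_config(REPORT_CONFIG))
    print("\n".join(ioc_lines(REPORT_CONFIG)))
```

The decoy split is the point of the script: Formbook-lineage samples contact the decoy domains as well as the real C2, so they show up in proxy logs next to the genuine beacon, but blocking them produces false positives against unrelated sites. Alert on the C2 host and the `/yjqn/` path; keep the decoys as context for triage.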

Targets

    • Target

      Doc_008543678.exe

    • Size

      347KB

    • MD5

      6f458a706a5d5e0a65adaceec728d6c8

    • SHA1

      5d623230470043f8a55a426e2b95b1501cd96820

    • SHA256

      9f55a497a04ad1181a75185f7b2ec1be0b9d33ed50f26c0c8cc82fa0f85db590

    • SHA512

      30f8f0806bf4180bae7fc474ac2ad00ceb8cb6f07308c2f7910f2011a6bfbb7ed664001118b3a0fbd74709aea1f25fa4f3e85e4a330469a168b5aed28a43511d

    • Xloader

      Xloader is the successor to the Formbook info-stealer, sold under the new name as malware-as-a-service. It keeps Formbook's C2 check-in format, which is why the Suricata signature below fires under the FormBook name for this sample.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

      The sample removes its own executable from disk after running, so the original dropper is not left behind for collection.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, including its instruction pointer. Outside debuggers this is typically the final step of process hollowing or thread hijacking, redirecting a suspended thread into injected code.
