Resubmissions

21-10-2021 12:22

211021-pj5j4sacd5 10

21-10-2021 12:15

211021-pew26sacc7 10

General

  • Target

    triage_dropped_file

  • Size

    253KB

  • Sample

    211021-pew26sacc7

  • MD5

    d0e4c13e6c8ba9fe34d86b554b595d9a

  • SHA1

    83eee2dbe00ae265af9eb13105dc1068b6b034cd

  • SHA256

    f8d9fbcef6907460baa7c91e53d1a40865901bb50906b5519cba440fdbc65032

  • SHA512

    72f5fcd367c0f0fdc83827bea529f84a85ace28550a5cd8102cb0cde2829d81defe312fb0d95d3c5a8e8728f4efd8cb433bfab0b3e1f265fffdc4e0ad687247d

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

kqna

C2

http://www.surfsolutions.info/kqna/

Decoy

achyutlifesciences.com

anthemmg.com

netkopat.com

generationgirlnaturals.com

novatel-network.com

craftstockco.com

thevishantiverse.art

elkerfly.com

haerotechs.com

candypalette.com

gregdokes.com

e-commerce.company

gratitudeland.com

companyintelcloud.com

publicyazilim.com

xc6811.com

aracsozluk.com

janesgalant.quest

fraserstephendop.com

ryan.rentals

Targets

    • Target

      triage_dropped_file

    • Size

      253KB

    • MD5

      d0e4c13e6c8ba9fe34d86b554b595d9a

    • SHA1

      83eee2dbe00ae265af9eb13105dc1068b6b034cd

    • SHA256

      f8d9fbcef6907460baa7c91e53d1a40865901bb50906b5519cba440fdbc65032

    • SHA512

      72f5fcd367c0f0fdc83827bea529f84a85ace28550a5cd8102cb0cde2829d81defe312fb0d95d3c5a8e8728f4efd8cb433bfab0b3e1f265fffdc4e0ad687247d

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks