REQUEST FOR QUOTATION.exe

General
Target

REQUEST FOR QUOTATION.exe

Size

254KB

Sample

211021-qygbhaadb9

Score

10/10
MD5

cc19c69f756ab25010c68a64b03f2eee

SHA1

48e28f2fcb7a13efa879b99b14ba52571b6e5224

SHA256

ac4a0328d512526f20122f0399d557b1334f3b2ac264d9e749d6d2788e956b2e

SHA512

6a0caa9934e2c4366e312be5b6ce60e0d3ffb715ee6d97eaf13dc4cd485d305e2972868624e4460b5076ff0eec1a94ba20199f2502ab290a584b0705ff12d762

Malware Config

Extracted

Family xloader
Version 2.5
Campaign epz2
C2

http://www.pofungrealty.com/epz2/

Decoy
Targets
Target

REQUEST FOR QUOTATION.exe

Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns (no techniques listed in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1      1/10
behavioral1  10/10
behavioral2  10/10