General

  • Target

    Scan_10384648.exe

  • Size

    493KB

  • Sample

    211022-jyw9dscbhn

  • MD5

    74e58b71d9d25130e6b47e1adccd1cf8

  • SHA1

    92fb13e26c1c0ed3698cece64aabe0834b74e798

  • SHA256

    4645255a1302be5b36e6814261279dc48d24f03c3a170b0b2efca04adacd2718

  • SHA512

    991695fd0ea85daf11e7d6da0a9f2079b9da9c46b217ccdccaba6cfdf83ed501188e1efedadab077c5d4bd33bfa430d9456d80ba1b3f92565ab7db5fa0021321

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    yjqn

  • C2

    http://www.wavekiss.com/yjqn/

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks