General

  • Target

    声明__ の __ アカウント__ コピー __ ...pdf....zip

  • Size

    346KB

  • Sample

    211025-k92tpaghaq

  • MD5

    45d487062d3b7049db836bfe4a5c0d09

  • SHA1

    1c844e46894d41004292ac3330b777bc5705d707

  • SHA256

    9ed0b8ed78f9a77e00224c7b90f8e813d61bb2df4318ad7526c590f2743dc4cb

  • SHA512

    8564701a155c2d02cbdf3b94a9a1855a4f4b754119bde72f62fb51e70774c62a5ca71da4edced8b02f5ce0636b2399e94904908630ac487d91f479c81f8fbdd5

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s86j

C2

http://www.emboldenlife.net/s86j/

Decoy

getlumichargeserver.com

act-vitaalcoach.store

craftgeekz.com

monetflowerfarm.com

morakotislandrealty.com

onlineastrologeruk.com

evvpsml.com

hnbtc.net

auxiliacapitalpartnersllc.com

rdwoodworksstore.com

shulwinfitness.com

arterialhealthgrids.com

cryptork.biz

solomini-tech.com

porttownsendapartments.com

poprumor.com

assetsauctioneer.com

electronics2anyone.com

upskillpme.online

247fooddelivery.com

Targets

    • Target

      声明__ の __ アカウント__ コピー __ ...pdf.....exe

    • Size

      395KB

    • MD5

      b68d6bb055b0fb1367900eaee876dd20

    • SHA1

      46721ae469d81070727744a16f02d8c88144e99f

    • SHA256

      b0fe839ee84678c067828ee5d5d48a30e2588c4a29fd9402609a335fe667c91d

    • SHA512

      890f7cf60b16ed5d7edb935fb5e2c4a4397751e67e01654d09022a45290fd7d46f24786be99af3bc99a9964458be757d82756c074cd07d032197c27cb00b6e9e

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053

  • Persistence: Scheduled Task (1) T1053

  • Privilege Escalation: Scheduled Task (1) T1053

  • Discovery: System Information Discovery (1) T1082

Tasks