General

  • Target

    Request for Quotation.exe

  • Size

    505KB

  • Sample

    211027-g2m4saagf5

  • MD5

    0ad7201eb902e58b08a769af58a72846

  • SHA1

    ba8b764c65299d732e97be27ac371108a0672537

  • SHA256

    19bc9a34f4a074428bec1c81bb731aab86b38d877dca82ecae158f9b29d93dbf

  • SHA512

    58aa04e56e1cc46836a7d55fa07f50e55bfd732d5b2c849bb1b2cb59067dc2f587164554ac548445668cabf3ca548e9b0283c4aeb8f7a636c21a791b5ccf6cd0

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

C2

http://www.thesewhitevvalls.com/b2c0/

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      #  ID
  Execution             Scheduled Task                 1  T1053
  Persistence           Scheduled Task                 1  T1053
  Privilege Escalation  Scheduled Task                 1  T1053
  Discovery             System Information Discovery   1  T1082
