General

  • Target

    583475.exe

  • Size

    1.0MB

  • Sample

    211027-rsz24ahbdr

  • MD5

    721356bfa1f8c23d40f6b2ff77b55db0

  • SHA1

    c4d25b17c64716f2e7558bd302cd901bd63757d8

  • SHA256

    e876c1db90717ff0819f4fc578adace61decdad64963836ebc9ae983dc87a5d6

  • SHA512

    a424419a3083ddf2e29eea8a058a3002bc0d1cd3cbb20b6db698c90f715aa1ea1d55bc3933aaa5b7bf17d04ecd80227b1acdb7cff02c4d1177f6909766dfb8c1

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    uat8

  • C2

    http://www.eeeptou.xyz/uat8/

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext
