Overview

overview

10

Static

static

10

dump_2.exe

windows7_x64

10

dump_2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dump_2.exe

  • Size

    163KB

  • Sample

    211028-q9h98sgdhp

  • MD5

    affd2e9e568d6d431cb872166ba00a97

  • SHA1

    14d2752d408c3e825cdddeb9beb84de7c3434eed

  • SHA256

    64a668add3d7f3bbcc0ef6acb25529c70df773d74e7e17a4a8fd8c95e81ee8bd

  • SHA512

    e0c9fc9c14b83bbebe13441eb873b942f59c54b474c861980d37d45eb68b935b60fdc37952072fa2d927b11a0294f68050663e61656101843e6bb5eb1f479c5b

Score
10/10
xloaderc8teloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c8te

C2

http://www.art-space.xyz/c8te/

Decoy

solendshop.com

petanimals2021.com

infullylucky.com

advisormarketing.online

hgfdsx.com

bjshsq.com

43454255.xyz

newsexpressed.com

tenacityshipping.com

y-promotion.com

saltypigeon.com

acemodule.com

satisfaction-spa.com

evertownnyc.com

orgoheart.com

bankerszonemock.com

conveniente-prestamo.com

suprememodelmanagement.com

ego-designteam.com

mecanicotijuana.com

Targets

    • Target

      dump_2.exe

    • Size

      163KB

    • MD5

      affd2e9e568d6d431cb872166ba00a97

    • SHA1

      14d2752d408c3e825cdddeb9beb84de7c3434eed

    • SHA256

      64a668add3d7f3bbcc0ef6acb25529c70df773d74e7e17a4a8fd8c95e81ee8bd

    • SHA512

      e0c9fc9c14b83bbebe13441eb873b942f59c54b474c861980d37d45eb68b935b60fdc37952072fa2d927b11a0294f68050663e61656101843e6bb5eb1f479c5b

    Score
    10/10
    xloaderc8teloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks