Overview

overview

10

Static

static

1

RFQ#.exe

windows7_x64

10

RFQ#.exe

windows10_x64

10
General
Target

RFQ#.exe

Size

296KB

Sample

211028-rzl4tagecr

Score
10/10
MD5

3838c43e12f0c22ecf9a9a0c1deb1d30

SHA1

7b9d8e4a093672411f71f1cf6a7fe6803c61773c

SHA256

b980dfcce93e9140d8ce71151f2f385026b8cebc195b71055707e1468ad0131b

SHA512

f0f860a56500b449b29558dc6e8860ce4441cee2612cc22c7cb9aaf5106062e290e3b3313dd0eef55fe1678791992f0502dbda9d0350110b7f7591853445935c

Malware Config

Extracted

Family

xloader
Version

2.5
Campaign

unzn
C2

http://www.davanamays.com/unzn/
Decoy

xiulf.com

highcountrymortar.com

523561.com

marketingagency.tools

ganmovie.net

nationaalcontactpunt.com

sirrbter.com

begizas.xyz

missimi-fashion.com

munixc.info

daas.support

spaceworbc.com

faithtruthresolve.com

gymkub.com

thegrayverse.xyz

artisanmakefurniture.com

029tryy.com

ijuubx.biz

iphone13promax.club

techuniversus.com

samrgov.xyz

grownupcurl.com

sj0755.net

beekeeperkit.com

richessesabondantes.com

xclgjgjh.net

webworkscork.com

vedepviet365.com

bretabeameven.com

cdzsmhw.com

clearperspective.biz

tigrg5g784sh.biz

bbezan011.xyz

mycar.store

mansooralobeidli.com

ascensionmemberszoom.com

unlimitedrehab.com

wozka.top

askylarkgoods.com

rj793.com

prosvalor.com

primetimeexpress.com

boixosnoisperu.com

mmasportgear.com

concertiranian.net

hyponymys.info

maila.one

yti0fyic.xyz

shashiprayag.com

speedprosmotorsports.com
Targets
Target

RFQ#.exe

MD5

3838c43e12f0c22ecf9a9a0c1deb1d30

Filesize

296KB

Score
10/10
SHA1

7b9d8e4a093672411f71f1cf6a7fe6803c61773c

SHA256

b980dfcce93e9140d8ce71151f2f385026b8cebc195b71055707e1468ad0131b

SHA512

f0f860a56500b449b29558dc6e8860ce4441cee2612cc22c7cb9aaf5106062e290e3b3313dd0eef55fe1678791992f0502dbda9d0350110b7f7591853445935c

Tags

Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    Tags

  • Xloader Payload

    Tags

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        Score
                        1/10

                        behavioral1

                        Score
                        10/10

                        behavioral2

                        Score
                        10/10