General

  • Target

    Rfq#001.zip

  • Size

    241KB

  • Sample

    211029-w1t82adha2

  • MD5

    26478ed2d6bfad2ba3d4d65ec47fb0f6

  • SHA1

    be4fe3fc18b29dcab934000d7a90cf8a735eec53

  • SHA256

    c59e9af65070704057d9d0388d84f6c0be3ee7aa61390d8822e927239172ffbf

  • SHA512

    8d2746a8b497936bb534b627bba2bc69d56fd2c1eb3f9fea941c3a0ba90c9a04498c24d84e0c4f761b14f10aa264a006b9b4c2be8fc6cd1c4be9a4ec2b712b5e

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

unzn

C2

http://www.davanamays.com/unzn/

Decoy

xiulf.com

highcountrymortar.com

523561.com

marketingagency.tools

ganmovie.net

nationaalcontactpunt.com

sirrbter.com

begizas.xyz

missimi-fashion.com

munixc.info

daas.support

spaceworbc.com

faithtruthresolve.com

gymkub.com

thegrayverse.xyz

artisanmakefurniture.com

029tryy.com

ijuubx.biz

iphone13promax.club

techuniversus.com
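The config above gives everything needed for a network hunt: one real C2 URL, the campaign path segment (unzn) and twenty decoy domains. XLoader, like Formbook, talks to the decoys as well as the real C2, so traffic to any of them carrying the same path is sample-specific. The decoy domains are frequently legitimate sites, though, so the script below only flags a decoy host when the request also carries the /unzn/ path, while the C2 host is flagged on any request. This is an added example, not sandbox output; the proxy log format (constructed, one request per line as "timestamp client method url status") is an assumption.

```python
"""Hunt web-proxy logs for the XLoader C2 and decoy traffic described in this report.

Added example, not output of the sandbox. The log format is an assumption: one
request per line, space-separated "timestamp client method url status". The
hosts, campaign id and C2 URL are copied from the extracted config above.
"""
from urllib.parse import urlsplit

CAMPAIGN = "unzn"                      # URI path segment used by this sample
C2_URL = "http://www.davanamays.com/unzn/"
DECOY_HOSTS = [
    "xiulf.com", "highcountrymortar.com", "523561.com", "marketingagency.tools",
    "ganmovie.net", "nationaalcontactpunt.com", "sirrbter.com", "begizas.xyz",
    "missimi-fashion.com", "munixc.info", "daas.support", "spaceworbc.com",
    "faithtruthresolve.com", "gymkub.com", "thegrayverse.xyz",
    "artisanmakefurniture.com", "029tryy.com", "ijuubx.biz",
    "iphone13promax.club", "techuniversus.com",
]


def normalise_host(host):
    """Lower-case and drop a leading 'www.' so either form of a domain matches."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


# Every host worth alerting on, with the label the report gives it.
WATCH = {normalise_host(h): "decoy" for h in DECOY_HOSTS}
WATCH[normalise_host(urlsplit(C2_URL).hostname)] = "c2"


def classify_url(url):
    """Return (kind, host, path); kind is 'c2', 'decoy', 'campaign-path' or None.

    A decoy host counts only when the sample's /unzn/ path is present, because
    decoys are usually legitimate sites. 'campaign-path' flags that path on a
    host outside the list: weaker evidence, but it catches rotated infrastructure.
    """
    parts = urlsplit(url)
    host = normalise_host(parts.hostname)
    path = parts.path or "/"
    campaign_path = path.startswith(f"/{CAMPAIGN}/")
    kind = WATCH.get(host)
    if kind == "decoy" and not campaign_path:
        kind = None
    elif kind is None and campaign_path:
        kind = "campaign-path"
    return kind, host, path


def hunt(lines):
    """Scan log lines and return one dict per request that matched an indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue                                   # malformed line, skip
        ts, client, method, url, status = fields[:5]
        kind, host, path = classify_url(url)
        if kind:
            hits.append({"ts": ts, "client": client, "method": method,
                         "host": host, "path": path, "status": status, "kind": kind})
    return hits


# Constructed sample log: the first three lines mimic what an infected host would
# produce, the last two are benign traffic that must not match.
SAMPLE_LOG = """\
2021-10-29T12:00:01Z 10.0.0.15 GET http://www.davanamays.com/unzn/?x=abc 200
2021-10-29T12:00:03Z 10.0.0.15 POST http://www.gymkub.com/unzn/ 404
2021-10-29T12:00:05Z 10.0.0.15 GET http://updates.example.com/unzn/ 200
2021-10-29T12:00:07Z 10.0.0.22 GET http://www.gymkub.com/ 200
2021-10-29T12:00:09Z 10.0.0.22 GET http://www.example.com/ 200
"""

if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG.splitlines()):
        print(f"{h['kind']:<13} {h['client']} {h['method']} {h['host']}{h['path']} {h['status']}")
```

Several hits from one client across the C2 and decoy hosts within a short window is the expected pattern for an infected machine; a single decoy hit with the campaign path is still worth a look, since the real C2 may have been rotated.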

Targets

    • Target

      Rfq#001.exe

    • Size

      266KB

    • MD5

      8f558dc1338758e9fda83eab8ba9e7a9

    • SHA1

      abbc4650a4ba5a91ffa99bbd0c1238d0e6e166a7

    • SHA256

      cd89124cf3f0de7157d5f500b1dd20603a19ed890773d9cb9b1d1ea5b5372005

    • SHA512

      d67fc009cc4d95f604540927601e9558432940b2bcefc126967f2dca4aefaa52761758c464cbe7ae42b6fb75305d721a814dbfedf48867df54d6cd733f9803df

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
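The report lists four digests for the archive and a separate set for the Rfq#001.exe inside it, so a triage check should hash both the container and every member, not just the file that arrived. The script below does that and compares against the report's values. It is an added example, not part of the sandbox output; the archive it builds is a constructed placeholder (a zip holding an empty "Rfq#001.exe") so it runs offline, and the size cap on members is an assumed zip-bomb guard.

```python
"""Re-derive the archive and payload hashes listed in this report.

Added example, not part of the sandbox output. It hashes a zip archive and every
file inside it with the four algorithms the report uses and compares the result
with the report's values. The archive built here is a constructed placeholder
(a zip holding an empty "Rfq#001.exe") so the script runs offline; point
hash_archive() at the real sample bytes to do the actual check.
"""
import hashlib
import io
import posixpath
import zipfile

ALGOS = ("md5", "sha1", "sha256", "sha512")
MAX_MEMBER_BYTES = 64 * 1024 * 1024   # assumed cap: refuse to inflate oversized members

# Values copied from the report above.
REPORT = {
    "Rfq#001.zip": {
        "md5": "26478ed2d6bfad2ba3d4d65ec47fb0f6",
        "sha1": "be4fe3fc18b29dcab934000d7a90cf8a735eec53",
        "sha256": "c59e9af65070704057d9d0388d84f6c0be3ee7aa61390d8822e927239172ffbf",
        "sha512": "8d2746a8b497936bb534b627bba2bc69d56fd2c1eb3f9fea941c3a0ba90c9a04498c24d84e0c4f761b14f10aa264a006b9b4c2be8fc6cd1c4be9a4ec2b712b5e",
    },
    "Rfq#001.exe": {
        "md5": "8f558dc1338758e9fda83eab8ba9e7a9",
        "sha1": "abbc4650a4ba5a91ffa99bbd0c1238d0e6e166a7",
        "sha256": "cd89124cf3f0de7157d5f500b1dd20603a19ed890773d9cb9b1d1ea5b5372005",
        "sha512": "d67fc009cc4d95f604540927601e9558432940b2bcefc126967f2dca4aefaa52761758c464cbe7ae42b6fb75305d721a814dbfedf48867df54d6cd733f9803df",
    },
}


def digests(data):
    """All four digests of a byte string, keyed by algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_archive(blob, archive_name):
    """Return {name: digests} for the archive itself and each regular member.

    Members are keyed by basename, which is how the report names the payload.
    A member over the size cap is recorded with an error instead of being read.
    """
    out = {archive_name: digests(blob)}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = posixpath.basename(info.filename)
            if info.file_size > MAX_MEMBER_BYTES:
                out[name] = {"error": "member too large"}
                continue
            out[name] = digests(zf.read(info))
    return out


def compare(observed, report):
    """For each name the report lists: 'match', 'mismatch' or 'missing'."""
    verdict = {}
    for name, expected in report.items():
        got = observed.get(name)
        if got is None or "error" in got:
            verdict[name] = "missing"
        elif all(got.get(a) == v for a, v in expected.items()):
            verdict[name] = "match"
        else:
            verdict[name] = "mismatch"
    return verdict


def build_placeholder_archive():
    """Constructed stand-in for the sample: a zip containing an empty Rfq#001.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Rfq#001.exe", b"")
    return buf.getvalue()


if __name__ == "__main__":
    observed = hash_archive(build_placeholder_archive(), "Rfq#001.zip")
    for name, verdict in compare(observed, REPORT).items():
        print(f"{name}: {verdict}")
```

Run against the placeholder every name reports "mismatch", which is the correct answer; a "match" on Rfq#001.exe from a real archive confirms the payload is the one analysed here even if the container was repacked and its own hashes differ.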

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic       Technique                       ID      Count
  Execution    Command-Line Interface          T1059   1
  Discovery    System Information Discovery    T1082   2

Tasks