General

  • Target: 6c4a4577b05acbeb2d7daecf27658d03
  • Size: 20KB
  • Sample: 211029-xh22ladhg3
  • MD5: 6c4a4577b05acbeb2d7daecf27658d03
  • SHA1: 609fea5345fc11357c1d2dde6b33ac8db1d8b0f3
  • SHA256: 3b581601796d4459571b4079419ea4e33065675c4dfb309877bace18fc8d1f63
  • SHA512: d749b744cb3d6d099bb46ccd03b5441950ec270f4b1c342c6b734192b36e73381e1a97f88184e9d29145234631ccef846b9cd8d2e72b35b0155af525511a47eb

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: euzn
  • C2: http://www.heser.net/euzn/
  • Decoy domains:


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scripting (T1064): 1
  • Command-Line Interface (T1059): 1
  • Exploitation for Client Execution (T1203): 1

Defense Evasion

  • Scripting (T1064): 1
  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 3
