General
Target

rfq.exe

Size

304KB

Sample

211103-nqkylsaggp

Score
10/10
MD5

1fefc11b33956003889da1a5337179f4

SHA1

01a2773637fa5eea87508ee768d7ccff9bd09f7b

SHA256

9b4f227304980351439c58e4b8a29844c7929c11de71051cf7c79f348996e8b1

SHA512

f5e8faf8d630acf5a5f9cdd34e2b87cb67cb8877e5790ab63626adcb7f447bc05cd2d54b728b2c613f12b656c3a8f5b7516c0c5dcbed1a3d8bbcc1c0fa7c292a

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

unzn

C2

http://www.davanamays.com/unzn/

Decoy

xiulf.com

highcountrymortar.com

523561.com

marketingagency.tools

ganmovie.net

nationaalcontactpunt.com

sirrbter.com

begizas.xyz

missimi-fashion.com

munixc.info

daas.support

spaceworbc.com

faithtruthresolve.com

gymkub.com

thegrayverse.xyz

artisanmakefurniture.com

029tryy.com

ijuubx.biz

iphone13promax.club

techuniversus.com

samrgov.xyz

grownupcurl.com

sj0755.net

beekeeperkit.com

richessesabondantes.com

xclgjgjh.net

webworkscork.com

vedepviet365.com

bretabeameven.com

cdzsmhw.com

clearperspective.biz

tigrg5g784sh.biz

bbezan011.xyz

mycar.store

mansooralobeidli.com

ascensionmemberszoom.com

unlimitedrehab.com

wozka.top

askylarkgoods.com

rj793.com

prosvalor.com

primetimeexpress.com

boixosnoisperu.com

mmasportgear.com

concertiranian.net

hyponymys.info

maila.one

yti0fyic.xyz

shashiprayag.com

speedprosmotorsports.com

Targets
Target

rfq.exe

MD5

1fefc11b33956003889da1a5337179f4

Filesize

304KB

Score
10/10
SHA1

01a2773637fa5eea87508ee768d7ccff9bd09f7b

SHA256

9b4f227304980351439c58e4b8a29844c7929c11de71051cf7c79f348996e8b1

SHA512

f5e8faf8d630acf5a5f9cdd34e2b87cb67cb8877e5790ab63626adcb7f447bc05cd2d54b728b2c613f12b656c3a8f5b7516c0c5dcbed1a3d8bbcc1c0fa7c292a

Tags

Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    Tags

  • Xloader Payload

    Tags

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        Score
                        1/10

                        behavioral1

                        Score
                        10/10

                        behavioral2

                        Score
                        10/10