Overview

overview

10

Static

static

1

xkp0987654...90.exe

windows7_x64

10

xkp0987654...90.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xkp0987654334567890.exe

  • Size

    290KB

  • Sample

    211103-reeh8sbbcm

  • MD5

    a2f208fe902bda1d7db8433e90277136

  • SHA1

    d8c386f37550d52ec05e070a34e8ea442caaed6e

  • SHA256

    3385d2ea5b6acf9926ae2f0df8179bc35a0ff85f552a79c85a7f11faebb91622

  • SHA512

    74876318f69bf11185dfc3c17a6aa61f86803f80b543d8170ff29e85124667a50c4c1e18741313e0864f8a55db0160c12ffbf12107418effefd969ff6fb15de7

Score
10/10
xloaderiaoploaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

iaop

C2

http://www.georgeinnhatherleigh.com/iaop/

Decoy

oosakichi.com

group1beadles.com

navegadorexclusivo.digital

awefca.xyz

strakerwilliams.com

stone-img.com

radialodge.com

tequesquitengo.net

humanegardens.com

rubberyporqjp.xyz

farazkhak.com

gfsexpornvideos.com

stealth-carrier.com

hemtpi.xyz

tygcj.com

agileiance.com

ioan316.com

kitchendesigns.xyz

shannacarolphotography.com

oheytech88.net

Targets

    • Target

      xkp0987654334567890.exe

    • Size

      290KB

    • MD5

      a2f208fe902bda1d7db8433e90277136

    • SHA1

      d8c386f37550d52ec05e070a34e8ea442caaed6e

    • SHA256

      3385d2ea5b6acf9926ae2f0df8179bc35a0ff85f552a79c85a7f11faebb91622

    • SHA512

      74876318f69bf11185dfc3c17a6aa61f86803f80b543d8170ff29e85124667a50c4c1e18741313e0864f8a55db0160c12ffbf12107418effefd969ff6fb15de7

    Score
    10/10
    xloaderiaoploaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks