Overview

overview

10

Static

static

KDUSC-PRO-...21.exe

windows7_x64

10

KDUSC-PRO-...21.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KDUSC-PRO-MAINT-117-2021.exe

  • Size

    779KB

  • Sample

    211115-hpszyaedan

  • MD5

    33b907210bb4d49062f0e2747ea08c6d

  • SHA1

    db94c37b6bbe1177db007317c0dd8ddc4c84e68b

  • SHA256

    ec967cb2eeeb76c7acaba88e1c3eb6f5fa39cedb54b4edbb17eb0087977d21ee

  • SHA512

    18f0884e91c3b7d0feb024275bd5ab9bbe78cd1eb6eab333cbf4e603d45075d37b26b5256b6c5a65187299fce74c9a35c7a9f9655937569f589d731ce7a11998

Score
10/10
xloaderu0n0loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u0n0

C2

http://www.52xjg3.xyz/u0n0/

Decoy

learnwithvr.net

minismi2.com

slimfitbottle.com

gzartisan.com

fullfamilyclub.com

adaptationstudios.com

domynt.com

aboydnfuid.com

dirtroaddesigns.net

timhortons-ca.xyz

gladiator-111.com

breakingza.com

njjbds.com

keithrgordon.com

litestore365.host

unichromegame.com

wundversorgung-tirol.com

wholistic-choice.com

shingletownrrn.com

kapikenya.com

Targets

    • Target

      KDUSC-PRO-MAINT-117-2021.exe

    • Size

      779KB

    • MD5

      33b907210bb4d49062f0e2747ea08c6d

    • SHA1

      db94c37b6bbe1177db007317c0dd8ddc4c84e68b

    • SHA256

      ec967cb2eeeb76c7acaba88e1c3eb6f5fa39cedb54b4edbb17eb0087977d21ee

    • SHA512

      18f0884e91c3b7d0feb024275bd5ab9bbe78cd1eb6eab333cbf4e603d45075d37b26b5256b6c5a65187299fce74c9a35c7a9f9655937569f589d731ce7a11998

    Score
    10/10
    xloaderu0n0loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks