Overview

overview

10

Static

static

QUOTE REQU...Co.exe

windows7_x64

3

QUOTE REQU...Co.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTE REQUEST FOB_Medlited Trading Co.r15

  • Size

    470KB

  • Sample

    211122-twza3sgabq

  • MD5

    96b7ce2b7c29e05d8833e99ff9320614

  • SHA1

    a831ebf1dcfe43a0990a46c6dd7dd455ee1cae13

  • SHA256

    56935322481dae7857012c8ccb8409bf6db53f758767ddd584437896fa6cabb9

  • SHA512

    6b2ca674acbc4305cd4b1b0bd8beec7a5b86158e6745ab837a9d85904df2a08ca5357b5d85e3a4bd0419ae376772e8f11bb26a284d7d5bb3074269add7863087

Score
10/10
xloader46uqloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

    • Target

      QUOTE REQUEST FOB_Medlited Trading Co.exe

    • Size

      611KB

    • MD5

      8ddcaa0954d47bcb1e6b18de42fbfd6c

    • SHA1

      8de0ab3b4e57d551f4783b6a1410d429c8b62c38

    • SHA256

      c50fdcefdf51c648404eb54eebcb81012e2c736252e232759c7eef5fac1d5174

    • SHA512

      31dc38d1d45893c6f00e28d2cf192e1451a5c4e84af701fe76c04b1175a7c528f7f95d1d3ec3edb30448b2465e127c66c64904e07da9a762663e9b29c8c4c80d

    Score
    10/10
    xloader46uqloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks