Overview

overview

10

Static

static

Jayaswal N...nt.exe

windows7_x64

10

Jayaswal N...nt.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Jayaswal Neco Industries - Products List & document.rar

  • Size

    1.0MB

  • Sample

    211208-mas4lshegn

  • MD5

    18ddca4387fe50fafa86c18a2ab67be6

  • SHA1

    769bddbab8e6e3d65ee6999d13b6bedd54ae383c

  • SHA256

    5a19f9f6d88cd86681edee1bbcb3f5ade2237d38ccac3e401eeb820918130823

  • SHA512

    07378251785d697e36028d8287da87161af99cabceb3b89367cafde5c2623c7d6d5c73378d2151314125df393e7615c672454973aaaeea66955b7d8423ecf7d2

Score
10/10
xloader46uqloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

    • Target

      Jayaswal Neco Industries - Products List & document.exe

    • Size

      1.2MB

    • MD5

      f3d120960ee7052af731cebcfc3b4d99

    • SHA1

      16ae70774e448cbb368838c89feb4c173955ecc9

    • SHA256

      d176de3884899e94f7c82f1ad0b21e9f305d3d5d7d753cc701a880e01d692cad

    • SHA512

      de5014a7fed0ab9d860bd53e8606010e00c519cf73574bee6186e13a9d9f657747a590ec7486ae5b6bc1765d76a123704e280dfcb99f8f621d5dae6cda9355df

    Score
    10/10
    xloader46uqloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks