Overview

overview

10

Static

static

Jayaswal N...nt.exe

windows7_x64

10

Jayaswal N...nt.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Jayaswal Neco Industries - Products List & document.exe

  • Size

    1.2MB

  • Sample

    211208-mas4lshegp

  • MD5

    f3d120960ee7052af731cebcfc3b4d99

  • SHA1

    16ae70774e448cbb368838c89feb4c173955ecc9

  • SHA256

    d176de3884899e94f7c82f1ad0b21e9f305d3d5d7d753cc701a880e01d692cad

  • SHA512

    de5014a7fed0ab9d860bd53e8606010e00c519cf73574bee6186e13a9d9f657747a590ec7486ae5b6bc1765d76a123704e280dfcb99f8f621d5dae6cda9355df

Score
10/10
xloader46uqloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

    • Target

      Jayaswal Neco Industries - Products List & document.exe

    • Size

      1.2MB

    • MD5

      f3d120960ee7052af731cebcfc3b4d99

    • SHA1

      16ae70774e448cbb368838c89feb4c173955ecc9

    • SHA256

      d176de3884899e94f7c82f1ad0b21e9f305d3d5d7d753cc701a880e01d692cad

    • SHA512

      de5014a7fed0ab9d860bd53e8606010e00c519cf73574bee6186e13a9d9f657747a590ec7486ae5b6bc1765d76a123704e280dfcb99f8f621d5dae6cda9355df

    Score
    10/10
    xloader46uqloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks