General

  • Target

    NEW QUOTE 8902561.exe

  • Size

    1.0MB

  • Sample

    211214-wsla6agbh5

  • MD5

    20587e405bba213999654e7244fdfc7d

  • SHA1

    b838f77d47319df9df1cb7ee3a2102c48aa95b69

  • SHA256

    6f7495ea749aac3582ea29a192a2c35e7c39194ae2d531f5452b2f27e5c2830a

  • SHA512

    17bbfdd3fc16486bae85757f310f92c3d0b36dc872a2b08d7a4e3a2f763a00763e0faa2c655b548dc1e36e3163675d371e47e0debe12e91cfa0daf6940d5704d

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    ea0r

  • C2

    http://www.asiapubz-hk.com/ea0r/

  • Decoy

    lionheartcreativestudios.com
    konzertmanagement.com
    blackpanther.online
    broychim-int.com
    takut18.com
    txstarsolar.com
    herdsherpa.com
    igorshestakov.com
    shinesbox.com
    reflectpkljlt.xyz
    oiltoolshub.com
    viralmoneychallenge.com
    changingalphastrategies.com
    mecitiris.com
    rdadmin.online
    miniambiente.com
    kominarcine.com
    pino-almond.com
    heihit.xyz
    junqi888.com

    The campaign string (ea0r) is also the path component of the C2 URL. As with Formbook, the config carries one real C2 plus a list of decoy domains, and the sample beacons to the decoys as well to bury the real C2 in noise. Only the C2 entry identifies operator infrastructure; the decoy domains are not indicators on their own and should not be blocklisted as malicious.
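The hashes in the General section and the extracted config above, turned into two offline checks. This is an added example, not the sandbox's or the malware author's code; the hash values, campaign, C2 and decoy domains are copied from the report, while the proxy log format, the log lines and the query string are constructed for the example.

```python
"""Added example (not the sandbox's or the malware author's code): verify a
file against the report's hashes, and triage proxy log lines against the
extracted Xloader config, separating real C2 traffic from decoy traffic.
Log format and log lines are constructed for the example."""
import hashlib
import re
from urllib.parse import urlsplit

# Hashes of NEW QUOTE 8902561.exe as listed in the report.
REPORT_HASHES = {
    "md5": "20587e405bba213999654e7244fdfc7d",
    "sha1": "b838f77d47319df9df1cb7ee3a2102c48aa95b69",
    "sha256": "6f7495ea749aac3582ea29a192a2c35e7c39194ae2d531f5452b2f27e5c2830a",
    "sha512": "17bbfdd3fc16486bae85757f310f92c3d0b36dc872a2b08d7a4e3a2f763a0076"
              "3e0faa2c655b548dc1e36e3163675d371e47e0debe12e91cfa0daf6940d5704d",
}

# Extracted config as listed in the report.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "ea0r",
    "c2": "http://www.asiapubz-hk.com/ea0r/",
    "decoy": {
        "lionheartcreativestudios.com", "konzertmanagement.com", "blackpanther.online",
        "broychim-int.com", "takut18.com", "txstarsolar.com", "herdsherpa.com",
        "igorshestakov.com", "shinesbox.com", "reflectpkljlt.xyz", "oiltoolshub.com",
        "viralmoneychallenge.com", "changingalphastrategies.com", "mecitiris.com",
        "rdadmin.online", "miniambiente.com", "kominarcine.com", "pino-almond.com",
        "heihit.xyz", "junqi888.com",
    },
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def check_against_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result. A file matching on sha256 but not on md5
    would point to a transcription error in one of the report values."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


def classify_request(host: str, path: str, config: dict = XLOADER_CONFIG) -> str:
    """Classify one HTTP request against the extracted config.

    'c2'    -> host is the C2 host and the path starts with /<campaign>/
    'decoy' -> host is one of the decoy domains (the sample contacts these
               too, to hide the real C2; expected traffic, not an indicator)
    'none'  -> unrelated
    """
    c2 = urlsplit(config["c2"])  # hostname is lower-cased by urlsplit
    host = host.lower().rstrip(".")
    if host == c2.hostname and path.startswith(c2.path):
        return "c2"
    bare = host[4:] if host.startswith("www.") else host
    if bare in config["decoy"]:
        return "decoy"
    return "none"


# Constructed log format: <timestamp> <client_ip> <host> <method> <path>
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<path>\S+)")


def triage_proxy_log(lines) -> dict:
    """Bucket log lines into C2 hits and decoy hits; unrelated lines are dropped."""
    hits = {"c2": [], "decoy": []}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        verdict = classify_request(m["host"], m["path"])
        if verdict in hits:
            hits[verdict].append(line)
    return hits


# Constructed sample lines (not from the report); the query string is invented.
SAMPLE_LOG = [
    "2021-12-14T10:01:02Z 10.0.0.5 www.asiapubz-hk.com GET /ea0r/?x=c29tZQ",
    "2021-12-14T10:01:03Z 10.0.0.5 www.lionheartcreativestudios.com POST /ea0r/",
    "2021-12-14T10:01:04Z 10.0.0.5 www.asiapubz-hk.com GET /",
    "2021-12-14T10:01:05Z 10.0.0.7 example.com GET /index.html",
]

if __name__ == "__main__":
    print(triage_proxy_log(SAMPLE_LOG))
    print(check_against_report(b"constructed bytes, not the real sample"))
```

Against the constructed log, only the first line is a C2 hit (C2 host plus the /ea0r/ campaign path); the second is a decoy hit and is reported separately so it is not escalated on its own; a request to the C2 host without the campaign path is left unclassified.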

Targets

    • Target

      NEW QUOTE 8902561.exe

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

      The Xloader payload was detected during execution of the sample.

    • Deletes itself

      The process removed its own executable from disk after running.

    • Suspicious use of SetThreadContext

      SetThreadContext was called on a thread belonging to another process, the usual way to redirect execution into injected code (process hollowing); this is the injection technique Formbook and Xloader are known for.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), 1 hit
  • Persistence: Scheduled Task (T1053), 1 hit
  • Privilege Escalation: Scheduled Task (T1053), 1 hit
  • Discovery: System Information Discovery (T1082), 1 hit

The three Scheduled Task rows are one observed behaviour, T1053, which ATT&CK v6 maps to all three tactics; they are not three separate findings.
