Overview

overview

10

Static

static

IMG-000284794.exe

windows7_x64

10

IMG-000284794.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG-000284794.exe

  • Size

    1.2MB

  • Sample

    220114-l1m5lsfgfk

  • MD5

    abd28466f7cb80d6da36fed9f3e6bef4

  • SHA1

    fb2911028f32b2b3c07004a21e84773e3efd1519

  • SHA256

    5686f840b9b2834952367cd9c37ec4c8385bcc90348dd3a92e488c0faebed85a

  • SHA512

    0c6aa40cc0797ae3e59bf863bce36c1bb4a96760aa2897b8b03706da83e24a9009fbda569a243c890c7013d4f6e1514e73349757b16c0b318407019ad1e51586

Score
10/10
xloaderc6siloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

    • Target

      IMG-000284794.exe

    • Size

      1.2MB

    • MD5

      abd28466f7cb80d6da36fed9f3e6bef4

    • SHA1

      fb2911028f32b2b3c07004a21e84773e3efd1519

    • SHA256

      5686f840b9b2834952367cd9c37ec4c8385bcc90348dd3a92e488c0faebed85a

    • SHA512

      0c6aa40cc0797ae3e59bf863bce36c1bb4a96760aa2897b8b03706da83e24a9009fbda569a243c890c7013d4f6e1514e73349757b16c0b318407019ad1e51586

    Score
    10/10
    xloaderc6siloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks