Overview

overview

10

Static

static

Revised Qu...pg.exe

windows7_x64

10

Revised Qu...pg.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Revised Quotation & COA_jpg.exe

  • Size

    551KB

  • Sample

    220127-s3sansfagp

  • MD5

    fce9b050476d555a64ce0522191d1f4a

  • SHA1

    4c34b842888ba0c8f80fdba42055281c18e995f3

  • SHA256

    07569721866b0b2b3d83ec0db9d400f9cd623c51ea30706aaef9e032ec64795e

  • SHA512

    c6ffe706492a009e214e6b6c256bf41406e217a93c9aa9e898b71ea66428c545bb4420f314d7781e9321e9095d678c6440fe4bb12bd8c629a9819e9effc32247

Score
10/10
xloaderquc5loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

quc5

Decoy

writerpilotpublishing.com

journeywands.com

madacambo.com

boreslirealestate.com

drillshear.com

urbanmastic.com

focalbunk.com

ghpgroupinc.xyz

rfgmhnvf.com

241mk.com

mandolinzen.com

thenorthstarbets.com

oggperformancehorses.com

webuywholesalerhouses.com

cinreyyy.com

theyoungwedding.com

neuro-ai-web-ru.digital

zavienniky.xyz

kin-school.com

lowratepersonalloans.com

Targets

    • Target

      Revised Quotation & COA_jpg.exe

    • Size

      551KB

    • MD5

      fce9b050476d555a64ce0522191d1f4a

    • SHA1

      4c34b842888ba0c8f80fdba42055281c18e995f3

    • SHA256

      07569721866b0b2b3d83ec0db9d400f9cd623c51ea30706aaef9e032ec64795e

    • SHA512

      c6ffe706492a009e214e6b6c256bf41406e217a93c9aa9e898b71ea66428c545bb4420f314d7781e9321e9095d678c6440fe4bb12bd8c629a9819e9effc32247

    Score
    10/10
    xloaderquc5loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks